Report information
The Basics
Id:
47068
Status:
resolved
Priority:
Low/Low
Queue:
bind9-public
People
Owner:
Nobody in particular
Requestors:
Cc:
AdminCc:
BugTracker
Version Fixed:
9.10.7, 9.10.7(sub), 9.11.3, 9.12.1, 9.13.0
Version Found:
(no value)
Versions Affected:
(no value)
Versions Planned:
(no value)
Priority:
P2 Normal
Severity:
S2 Normal
CVSS Score:
(no value)
CVE ID:
(no value)
Component:
(no value)
Area:
bug
Dates
Created:Sat, 27 Jan 2018 20:51:09 -0500
Updated:Mon, 29 Jan 2018 23:24:55 -0500
Closed:Mon, 29 Jan 2018 23:24:54 -0500

This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

History
  Sat, 27 Jan 2018 20:51:11 -0500 Curtis Blackburn <ckb@isc.org> - Ticket created
From: ckb@isc.org
Subject: configure --without-openssl broken
To: bind9-public@isc.org
Date: Sat, 27 Jan 2018 17:51:09 -0800

at some point after commit 61c843815e7d23110e089b45ab4be270bc2a415d (tag: v9_12_0rc1) and before commit4c8cd59241040e161e6db3e58216e66e1f69c874 (HEAD -> v9_12, origin/v9_12, gitlab/v9_12) When you run ./configure --without-openssl && make, the make fails: In file included from hmac_link.c:44: ./dst_openssl.h:18:10: fatal error: 'openssl/err.h' file not found #include <openssl/err.h> (This was tested on OSX, but I see no evidence that it wouldnt happen with all platforms)
  Sun, 28 Jan 2018 03:23:29 -0500 Francis Dupont <Francis_Dupont@isc.org> - Correspondence added

On Sun Jan 28 01:51:11 2018, ckb wrote: > at some point after commit 61c843815e7d23110e089b45ab4be270bc2a415d > (tag: v9_12_0rc1) > and before commit4c8cd59241040e161e6db3e58216e66e1f69c874 (HEAD -> > v9_12, origin/v9_12, gitlab/v9_12) > > When you run ./configure --without-openssl && make, the make fails: > In file included from hmac_link.c:44: > ./dst_openssl.h:18:10: fatal error: 'openssl/err.h' file not found > #include <openssl/err.h> > > (This was tested on OSX, but I see no evidence that it wouldnt happen > with all platforms) => I can't see a reason to include this file even conditionally... I vote to simply remove the include.
Sun, 28 Jan 2018 03:23:31 -0500 The RT System itself - Status changed from 'new' to 'open'
  Sun, 28 Jan 2018 21:44:37 -0500 Mark Andrews <marka@isc.org> - Correspondence added

On Sat Jan 27 22:23:29 2018, fdupont wrote: > On Sun Jan 28 01:51:11 2018, ckb wrote: > > at some point after commit 61c843815e7d23110e089b45ab4be270bc2a415d > > (tag: v9_12_0rc1) > > and before commit4c8cd59241040e161e6db3e58216e66e1f69c874 (HEAD -> > > v9_12, origin/v9_12, gitlab/v9_12) > > > > When you run ./configure --without-openssl && make, the make fails: > > In file included from hmac_link.c:44: > > ./dst_openssl.h:18:10: fatal error: 'openssl/err.h' file not found > > #include <openssl/err.h> > > > > (This was tested on OSX, but I see no evidence that it wouldnt happen > > with all platforms) > > => I can't see a reason to include this file even conditionally... > I vote to simply remove the include. It looks like we are pulling in the prototype for FIPS_mode by including dst_openssl.h. That include needs to be made conditional on HAVE_FIPS_MODE.
  Sun, 28 Jan 2018 21:50:01 -0500 Mark Andrews <marka@isc.org> - Correspondence added

On Sun Jan 28 16:44:37 2018, marka wrote: > On Sat Jan 27 22:23:29 2018, fdupont wrote: > > On Sun Jan 28 01:51:11 2018, ckb wrote: > > > at some point after commit 61c843815e7d23110e089b45ab4be270bc2a415d > > > (tag: v9_12_0rc1) > > > and before commit4c8cd59241040e161e6db3e58216e66e1f69c874 (HEAD -> > > > v9_12, origin/v9_12, gitlab/v9_12) > > > > > > When you run ./configure --without-openssl && make, the make fails: > > > In file included from hmac_link.c:44: > > > ./dst_openssl.h:18:10: fatal error: 'openssl/err.h' file not found > > > #include <openssl/err.h> > > > > > > (This was tested on OSX, but I see no evidence that it wouldnt happen > > > with all platforms) > > > > => I can't see a reason to include this file even conditionally... > > I vote to simply remove the include. > > It looks like we are pulling in the prototype for FIPS_mode by including > dst_openssl.h. That include needs to be made conditional on HAVE_FIPS_MODE. ready for review
Sun, 28 Jan 2018 21:50:02 -0500 Mark Andrews <marka@isc.org> - Status changed from 'open' to 'review'
Sun, 28 Jan 2018 21:50:02 -0500 Mark Andrews <marka@isc.org> - Area feature changed to bug
Sun, 28 Jan 2018 21:50:02 -0500 Mark Andrews <marka@isc.org> - Priority P2 Normal added
Sun, 28 Jan 2018 21:50:02 -0500 Mark Andrews <marka@isc.org> - Severity S2 Normal added
  Mon, 29 Jan 2018 03:22:45 -0500 Francis Dupont <Francis_Dupont@isc.org> - Correspondence added

On Mon Jan 29 02:50:01 2018, marka wrote: > > It looks like we are pulling in the prototype for FIPS_mode by > > including > > dst_openssl.h. That include needs to be made conditional on > > HAVE_FIPS_MODE. => or OPENSSL but HAVE_FIPS_MODE is more explicit. > ready for review => code OK.
Mon, 29 Jan 2018 03:22:46 -0500 Francis Dupont <Francis_Dupont@isc.org> - Given to Mark Andrews <marka@isc.org>
Mon, 29 Jan 2018 23:24:53 -0500 Mark Andrews <marka@isc.org> - Version Fixed 9.10.7, 9.10.7(sub), 9.11.3, 9.12.1, 9.13.0 added
  Mon, 29 Jan 2018 23:24:53 -0500 Mark Andrews <marka@isc.org> - Correspondence added

4881. [bug] Only include dst_openssl.h when OpenSSL is required. [RT #47068]
Mon, 29 Jan 2018 23:24:54 -0500 Mark Andrews <marka@isc.org> - Status changed from 'review' to 'resolved'
Mon, 29 Jan 2018 23:24:55 -0500 Mark Andrews <marka@isc.org> - Untaken