From owner-freebsd-questions@FreeBSD.ORG  Wed Nov 23 15:27:42 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 15C5B1065670
	for <freebsd-questions@freebsd.org>;
	Wed, 23 Nov 2011 15:27:42 +0000 (UTC)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk
	[IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78])
	by mx1.freebsd.org (Postfix) with ESMTP id 9B5108FC14
	for <freebsd-questions@freebsd.org>;
	Wed, 23 Nov 2011 15:27:41 +0000 (UTC)
Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk
	[81.187.76.163]) (authenticated bits=0)
	by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id
	pANFRa11097837
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO)
	for <freebsd-questions@freebsd.org>; Wed, 23 Nov 2011 15:27:37 GMT
	(envelope-from m.seaman@infracaninophile.co.uk)
X-DKIM: OpenDKIM Filter v2.4.1 smtp.infracaninophile.co.uk pANFRa11097837
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=infracaninophile.co.uk; s=201001-infracaninophile; t=1322062057;
	bh=sLVLP6p0LVsZS0+HUE3Dss/vi2k3dE7zdj9ngzqkSFU=;
	h=Message-ID:Date:From:MIME-Version:To:Subject:References:
	In-Reply-To:Content-Type:Cc;
	b=iQDfGdgJlHA8tmkll26rXBaM2+k2TbdyIXvxlBhkfTvAae2qd76aSohgdn9Ls6UuD
	ScPeE3qZV+JWJnybVuOnMSeOY7biOnaHvD1+u43MEV3JUJSUJItqTklsrqAmQHpTdv
	EdgPacoc/izGIvUio2QoEklinh37MRKiFnYMutZo=
Message-ID: <4ECD10E1.7040803@infracaninophile.co.uk>
Date: Wed, 23 Nov 2011 15:27:29 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
	rv:8.0) Gecko/20111105 Thunderbird/8.0
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
References: <014201cca9de$ec1429c0$c43c7d40$@leadmon.net>
	<4ECCF2B5.3050704@infracaninophile.co.uk>
	<20111123090105.0891aa62@scorpio>
In-Reply-To: <20111123090105.0891aa62@scorpio>
X-Enigmail-Version: 1.3.3
OpenPGP: id=60AE908C
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enigAB469A8371352D888EFD3114"
X-Virus-Scanned: clamav-milter 0.97.3 at lucid-nonsense.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,SPF_FAIL autolearn=no version=3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	lucid-nonsense.infracaninophile.co.uk
Subject: Re: BIND 9.8.1-P1 with OpenSSL 1.0.0 issues..
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Nov 2011 15:27:42 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigAB469A8371352D888EFD3114
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 23/11/2011 14:01, Jerry wrote:
> On Wed, 23 Nov 2011 13:18:45 +0000
> Matthew Seaman articulated:
>=20
>> I've been using the attached patch with the dns/bind98 port and
>> openssl-1.0.x from ports for months.  This disables using the GOST
>> cipher plugins -- which is no big deal as far as I'm concerned.  GOST
>> ciphers are only supplied as plugin modules unlike all other ciphers
>> in openssl, which is a new thing with version 1.0.0 in ports.  It's
>> that libgost.so plugin shlib not playing well with chroot that
>> apparently causes named to crash.
>=20
> Mathew, has anyone filed a PR either here or upstream regarding this
> phenomena?

I sent my patch to Doug Barton (bind maintainer in src/ports) but he
didn't accept it.  Discussions I've seen around this are that the
OpenSSL guys say that it's not a bug from their side, and that bind is
doing it wrong.  I believe the ISC guys are aware but I don't know if
they have a fix in the works or not.  Possibly some advanced combination
of LDFLAGS at compile-time might sort things,  but I really have no idea.=


	Cheers,

	Matthew


--=20
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW


--------------enigAB469A8371352D888EFD3114
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk7NEOgACgkQ8Mjk52CukIxCQgCglVFu1SWavRG+j0vuPCdCrx9K
YgcAniw9yWVMlctp9qpaMV3hT2Utstq/
=oGWB
-----END PGP SIGNATURE-----

--------------enigAB469A8371352D888EFD3114--