|
 |
3ce7d3 |
From e1da251de9647872d776b70078556f4e3e21cad8 Mon Sep 17 00:00:00 2001
|
|
|
3ce7d3 |
From: Petr Mensik <pemensik@redhat.com>
|
|
|
3ce7d3 |
Date: Thu, 21 Feb 2019 12:36:17 +0100
|
|
|
3ce7d3 |
Subject: [PATCH] Disable autodetected ED448 algorithm support
|
|
|
3ce7d3 |
|
|
|
3ce7d3 |
Implementation is broken in bind, disabled also in more recent versions.
|
|
|
3ce7d3 |
Makes bin/tests/system/dnssec fail.
|
|
|
3ce7d3 |
---
|
|
|
3ce7d3 |
configure.in | 9 +++++++--
|
|
|
3ce7d3 |
1 file changed, 7 insertions(+), 2 deletions(-)
|
|
|
3ce7d3 |
|
|
|
3ce7d3 |
diff --git a/configure.in b/configure.in
|
|
|
3ce7d3 |
index 1397c50..475ab9e 100644
|
|
|
3ce7d3 |
--- a/configure.in
|
|
|
3ce7d3 |
+++ b/configure.in
|
|
|
3ce7d3 |
@@ -1964,6 +1964,9 @@ int main() {
|
|
|
3ce7d3 |
}
|
|
|
3ce7d3 |
],
|
|
|
3ce7d3 |
[AC_MSG_RESULT(yes)
|
|
|
3ce7d3 |
+ # ED448 support is broken in BIND
|
|
|
3ce7d3 |
+ # https://gitlab.isc.org/isc-projects/bind9/issues/225
|
|
|
3ce7d3 |
+ # disable if autodetected, can be enabled by --with-eddsa=all
|
|
|
3ce7d3 |
have_ed448="yes"],
|
|
|
3ce7d3 |
[AC_MSG_RESULT(no)
|
|
|
3ce7d3 |
have_ed448="no"],
|
|
|
3ce7d3 |
@@ -1976,8 +1979,10 @@ int main() {
|
|
|
3ce7d3 |
esac
|
|
|
3ce7d3 |
case $have_ed448 in
|
|
|
3ce7d3 |
yes)
|
|
|
3ce7d3 |
- AC_DEFINE(HAVE_OPENSSL_ED448, 1,
|
|
|
3ce7d3 |
- [Define if your OpenSSL version supports Ed448.])
|
|
|
3ce7d3 |
+ # ED448 support is broken in BIND
|
|
|
3ce7d3 |
+ # https://gitlab.isc.org/isc-projects/bind9/issues/225
|
|
|
3ce7d3 |
+ # AC_DEFINE(HAVE_OPENSSL_ED448, 1,
|
|
|
3ce7d3 |
+ # [Define if your OpenSSL version supports Ed448.])
|
|
|
3ce7d3 |
;;
|
|
|
3ce7d3 |
*)
|
|
|
3ce7d3 |
;;
|
|
|
3ce7d3 |
--
|
|
|
3ce7d3 |
2.20.1
|
|
|
3ce7d3 |
|