Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#60750 - [bind] 9.13.3-3: support for ed25519 broken with OpenSSL 1.1.1 final
Attached to Project:
Arch Linux
Opened by Pascal Ernster (hardfalcon) - Friday, 09 November 2018, 01:13 GMT
Last edited by Sébastien Luttringer (seblu) - Sunday, 07 April 2019, 13:45 GMT
Details
Support for creating ed25519 signatures is broken when bind is built/used with the final release of OpenSSL 1.1.1. Key generation works, but actually signing a zone fails. The zone will still be loaded and can be queried, but no DNSKEY records are generated even if named is configured to manage DNSSEC signatures by itself (the same configuration works flawlessly when using non-EDDSA keys, for example RSASHA256 or ECDSAP384SHA384 keys).
A patch which fixes this has been merged by upstream: https://gitlab.isc.org/isc-projects/bind9/commit/739b74759d383a091eee55d161832ab76aecacd5
I've slightly modified the CHANGES hunk in that patch to make the patch applicable to bind 9.13.3.
Note that even with this patch, ed448 support will still be completely broken (not even key generation works), even though upstream's changelog claims otherwise. This is a known bug which will likely only be fixed in bind 9.15.x: https://gitlab.isc.org/isc-projects/bind9/issues/225#note_25969
Closed by Sébastien Luttringer (seblu)
Sunday, 07 April 2019, 13:45 GMT
Reason for closing: Upstream
Additional comments about closing: Patch is included in 9.14
844_adapted_for_bind_9.13.3.p...
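A check for the silent failure described in the report (the zone loads and answers, but carries no DNSKEY records), as an added example that is not part of the original report or of bind: it parses answer text in DNS presentation format, as `dig +dnssec` prints it, and reports which algorithms the zone apex is signed with. The zone name `example.test`, the function names and the sample records are constructed for illustration.

```python
# IANA DNSSEC algorithm numbers for the algorithms named in the report.
ALGORITHMS = {8: "RSASHA256", 14: "ECDSAP384SHA384", 15: "ED25519", 16: "ED448"}

# Constructed sample answers (placeholder key and signature data, not real records).
UNSIGNED = """\
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 1 7200 3600 1209600 3600
example.test. 3600 IN NS ns1.example.test.
"""
SIGNED = UNSIGNED + """\
example.test. 3600 IN DNSKEY 257 3 15 PLACEHOLDERKEY=
example.test. 3600 IN RRSIG DNSKEY 15 2 3600 20181209000000 20181109000000 12345 example.test. PLACEHOLDERSIG=
"""

def parse_records(text):
    """Yield (owner, type, rdata fields) for each 'owner TTL IN type rdata' line."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop dig's ';' comment lines
        if len(fields) >= 5 and fields[2] == "IN":
            yield fields[0].lower(), fields[3], fields[4:]

def signing_status(text, zone):
    """Report the DNSKEY and RRSIG algorithms found at the zone apex."""
    apex = zone.lower().rstrip(".") + "."
    key_algs, sig_algs = set(), set()
    for owner, rrtype, rdata in parse_records(text):
        if owner != apex:
            continue
        if rrtype == "DNSKEY" and len(rdata) >= 3:    # flags protocol algorithm key
            key_algs.add(int(rdata[2]))
        elif rrtype == "RRSIG" and len(rdata) >= 2:   # type-covered algorithm ...
            sig_algs.add(int(rdata[1]))
    name = lambda n: ALGORITHMS.get(n, "ALG%d" % n)
    return {
        "dnskey": [name(n) for n in sorted(key_algs)],
        "rrsig": [name(n) for n in sorted(sig_algs)],
        # Signed only if some published key algorithm also produced signatures.
        "signed": bool(key_algs & sig_algs),
    }

if __name__ == "__main__":
    for label, answer in (("unsigned", UNSIGNED), ("signed", SIGNED)):
        print(label, signing_status(answer, "example.test"))
```

Run against the saved answer for the zone's DNSKEY query after a bind or OpenSSL upgrade; `"signed": False` on a zone that named is configured to sign matches the symptom in this report.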