> BIND 9.7.7, 9.8.4 and 9.9.2 have "improved" OpenSSL error logging.
> Unfortunately, our logs are now filling up with "RSA_verify failed"
> messages.
Yeah, oops, we made that one too noisy. You're not the first one
who's noticed. :/
> How does one go about tracking down the source of these failures and
> correcting them? (We are running OpenSSL 1.0.1c.)
In BIND9, in lib/dns/opensslrsa_link.c, change this:
return (dst__openssl_toresult2("RSA_verify",
DST_R_VERIFYFAILURE));
to this:
return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
--
Evan Hunt -- [email protected]
Internet Systems Consortium, Inc.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
