On Sat, Aug 25, 2018 at 06:44:01PM +0200, Anand Buddhdev wrote:
> TSIG isn't the only thing that needs cryptographic functions. BIND also
> had support for DNS COOKIES (RFC 7873), which also need openssl. I would
> say openssl is not optional, so just don't compile without it.
>
> I don't even know why there's an option to compile without openssl, but
> I'm sure one of the BIND developers can enlighten us.

In the newest development release, there is no longer an option to compile without a cryptographic provider. That provider can be openssl, or a hardware service module that supports PKCS#11, but you at least need one or the other.

I'm not entirely sure why the option was there in the first place, as that dates back to before my time. But I do remember that in the 90s, when development on BIND 9 was first started, there were derpy export requirements for crypto libraries, which meant openssl wasn't available on all platforms, and I've always guessed it was because of that. No longer an issue, anyway.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users