-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Riccardo,
On 01/19/2016 05:36 PM, Riccardo Spagni via Unbound-users wrote: > BUMP:) > > On Sat, Jan 16, 2016 at 10:05 PM Riccardo Spagni <[email protected] > <mailto:[email protected]>> wrote: > > Hi all, > > We've been using ub_ctx_add_ta() in libunbound to manually include > the root trust anchor in Monero (because there's no standard for > storing the root trust anchor, and Windows users almost definitely > won't have one). This worked for ages, but as of a few months ago > the following error occurs: The format is a DNS resource record on one line, DS or DNSKEY. If I call ub_ctx_add_ta() with the string you have there, the root anchor with a \n after it, it works fine. The warning is printed if you try to load an unsupported trust anchor, this behaviour has changed in recent releases, dealing with loading trust anchors with unknown algorithms, to support root key rollover schemes more thoroughly. However, the string you give has supported algorithms. I do not understand either why you get this error. Are you loading a different string? (for instance with an ECDSA algorithm and the user has old OpenSSL with no ECDSA support). Or have you compiled unbound without sha256 support? Not even sure if that is possible and I think that needs configure options to do it, but then this message would appear. Note the hard coded anchor will get you in trouble with the root key rollover that is talked about in public forums. You need to have some sort of update process (f.e. using your software update). Best regards, Wouter > > [1452966957] libunbound[15265:0] info: warning: unsupported > algorithm for trust anchor . DNSKEY IN [1452966957] > libunbound[15265:0] warning: trust anchor . has no supported > algorithms, the anchor is ignored (check if you need to upgrade > unbound and openssl) > > We figured it would resolve itself with some future version of > libunbound, but as of 1.5.8 (git head) from a few weeks ago it is > still not working. > > This is the hard-coded anchor: > https://github.com/monero-project/bitmonero/blob/master/src/common/dns_utils.cpp#L87 > > And this is the snippet where we add the anchor using > ub_ctx_add_ta(): > https://github.com/monero-project/bitmonero/blob/master/src/common/dns_utils.cpp#L229 > > Any suggestions? Is it expecting a different format for that > anchor? Thanks! > > Riccardo > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJWn0LnAAoJEJ9vHC1+BF+Nn/EP/0BQyTP/EgPMPeftcWVWBfoa IqM2jZ4kwGWyMCv8adUM9wJhE2FLJQQp079/zGBI6Iu1h0CROGPTvmVy9gmAj9xr 0s7e/SLt3tUIKkGxZMtslX3auk3633qaKhbnTibLVi2+xkqrNyAbD2rgNqVLgPf2 PdC+m0wQ4WyJM07ri4tNIizv6FwrHJ6ZepRYSAbavDYgCe/sI9p74Bwn0vCk2R7P IcLJ5z9zyb4rXnSNVV8PrhL+pxyltnfSpU75BevQq6emLru2IT70JCJeRwL8m9xb ez6S6p2e6sKkqehMfiCD/41BbYJ9Qf3uwy7YNvaz36Hk98hCrszQN9PNurPZQpNv kRy4Mr8eEZMyBnCjwRgIxVM3CdvVsLNS/q489R5Ic+WASWMjtPMSl+xwCD3Qx54z Ym0smxoixXn2wuNETumQQdIo2s0TlsXCL92QhcWYXTqXU1BA1GXcmUE2kgCOzLSR KHsJePwXiGlt+z7V0aC1rrWsmQ1XS4Xt1MHueCO8iGo053rDPr3hH763KlBoT0s+ ibPbLDJckX94BGOnCXszPAwlDHqiwToSIoFqiWyeA9aXAXP9icf1Gdip+QDYFpqw PK+kWQOaAsnWk30aiqBkARZls40rFv+7eMFO2gHcyQCfhN0G7E2efIXx9Q68TC2+ 32A5F/g64tKZXHxoGTGt =Ysk+ -----END PGP SIGNATURE-----
