3f366a17af
- Add FIPS patch back into bind (bsc#1128220) - File: bind-fix-fips.patch OBS-URL: https://build.opensuse.org/request/show/694778 OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=255
23 lines
692 B
Diff
23 lines
692 B
Diff
Index: bind-9.11.2/lib/dns/opensslgost_link.c
|
|
===================================================================
|
|
--- bind-9.11.2.orig/lib/dns/opensslgost_link.c
|
|
+++ bind-9.11.2/lib/dns/opensslgost_link.c
|
|
@@ -578,9 +578,16 @@ dst__opensslgost_init(dst_func_t **funcp
|
|
|
|
/* check if the gost engine works properly */
|
|
e = ENGINE_by_id("gost");
|
|
- if (e == NULL)
|
|
+ if (e == NULL) {
|
|
+ /* In FIPS mode we cannot get the gost engine, even if
|
|
+ * openssl and bind was originally built with it. */
|
|
+#if 0
|
|
return (dst__openssl_toresult2("ENGINE_by_id",
|
|
DST_R_OPENSSLFAILURE));
|
|
+#endif
|
|
+ return (ISC_R_SUCCESS);
|
|
+ }
|
|
+
|
|
if (ENGINE_init(e) <= 0) {
|
|
ENGINE_free(e);
|
|
e = NULL;
|