[Dnsmasq-discuss] [PATCH] Make ECC-GOST optional only
Petr Menšík
pemensik at redhat.com
Thu Nov 10 17:02:44 UTC 2022
Hi!

I was testing my builds on the rootcanary.org test, where dnsmasq is the
only one failing with DNSSEC validation enabled. I am not sure why; I
think the GOST crypto algorithm might be broken intentionally on Fedora or
RHEL for legal reasons. But I have tested it on Debian unstable and the
result was the same. It passes other algorithms, but fails on this one.

I have therefore made it possible to skip GOST support. In addition, it
makes that the default as well. Is there any distribution which has GOST
support working? Is it possible that rootcanary.org has wrong signatures?

All other implementations already return insecure status - not
implemented algorithm. This change does the same for dnsmasq.

Opinions on that?

Cheers,
Petr
--
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Make-ECC-GOST-algorithm-12-optional-only.patch
Type: text/x-patch
Size: 2804 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20221110/6fefefdc/attachment.bin>
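Added example, not part of the original message or the attached patch: a sketch of the RFC 4035 section 5.2 rule the message relies on, where a zone whose DS RRset lists only algorithms the validator does not implement is treated as insecure rather than bogus. The names `struct validator`, `gost_enabled`, `classify_zone` and the `sig_ok` array are hypothetical; `sig_ok` is a constructed stand-in for the outcome of real signature verification.

```c
#include <stddef.h>
#include <stdio.h>

/* DNSSEC algorithm numbers (IANA registry). */
enum { ALG_RSASHA256 = 8, ALG_RSASHA512 = 10, ALG_ECC_GOST = 12,
       ALG_ECDSAP256 = 13, ALG_ECDSAP384 = 14, ALG_ED25519 = 15 };

enum status { STATUS_SECURE, STATUS_INSECURE, STATUS_BOGUS };

/* Hypothetical build switch standing in for "GOST compiled in or not". */
struct validator { int gost_enabled; };

static int alg_supported(const struct validator *v, int alg)
{
  switch (alg) {
  case ALG_RSASHA256: case ALG_RSASHA512:
  case ALG_ECDSAP256: case ALG_ECDSAP384: case ALG_ED25519:
    return 1;
  case ALG_ECC_GOST:
    return v->gost_enabled;   /* only claimed when built in */
  default:
    return 0;
  }
}

/* ds_algs: algorithms in the zone's authenticated DS RRset.
   sig_ok:  constructed per-entry flag, 1 if verification would succeed. */
enum status classify_zone(const struct validator *v, const int *ds_algs,
                          const int *sig_ok, size_t n)
{
  int any_supported = 0;
  for (size_t i = 0; i < n; i++) {
    if (!alg_supported(v, ds_algs[i]))
      continue;               /* unknown algorithm: ignore this DS */
    any_supported = 1;
    if (sig_ok[i])
      return STATUS_SECURE;
  }
  /* A claimed algorithm that fails to verify is bogus; none claimed is insecure. */
  return any_supported ? STATUS_BOGUS : STATUS_INSECURE;
}

int main(void)
{
  const int ds[] = { ALG_ECC_GOST }, ok[] = { 0 };  /* constructed zone */
  struct validator with = { 1 }, without = { 0 };
  printf("GOST built in: %d, GOST left out: %d\n",
         classify_zone(&with, ds, ok, 1), classify_zone(&without, ds, ok, 1));
  return 0;
}
```

A validator that claims algorithm 12 but cannot verify it reports the zone as bogus, while one that does not claim it reports insecure, which is the status the message says other implementations return.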