[Dnsmasq-discuss] [PATCH] Make ECC-GOST optional only

Petr Menšík pemensik at redhat.com
Tue Nov 15 11:45:06 UTC 2022


Oh, I think that was just a typo when editing that file. Of course it
shouldn't be there.

Attached fixed patch.

On 11/13/22 14:44, Geert Stappers via Dnsmasq-discuss wrote:
> On Thu, Nov 10, 2022 at 06:02:44PM +0100, Petr Menšík wrote:
>> Hi!
>>
>> I was testing my builds on the rootcanary.org test, where dnsmasq is the only
>> one failing with DNSSEC validation enabled. I am not sure why, I think gost
>> crypto algorithm might be broken intentionally on Fedora or RHEL for legal
>> reasons. But I have tested it on Debian unstable and the result was the same. It
>> passes other algorithms, but fails on this one.
>>
>> I have therefore made it possible to skip GOST support. In addition it makes
>> that default as well. Is there any distribution, which has GOST support
>> working? Is it possible that rootcanary.org has wrong signatures?
>>
>> All other implementations return already insecure status - not implemented
>> algorithm. This change makes the same for dnsmasq.
>>
>          ....
>> --- a/src/config.h
>> +++ b/src/config.h
>> @@ -198,6 +201,8 @@ RESOLVFILE
>>   /* #define HAVE_CONNTRACK */
>>   /* #define HAVE_CRYPTOHASH */
>>   /* #define HAVE_DNSSEC */
>> +/* #define HAVE_GOST */
>> +/* #define HAVE_GOST */
>>   /* #define HAVE_NFTSET */
>>   
>>   /* Default locations for important system files. */
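
Review bot: `/* #define HAVE_GOST */` is added twice, on the two consecutive `+` lines after `/* #define HAVE_DNSSEC */`. Keep a single commented-out define and drop the duplicate; the new-side line count in the hunk header then becomes 7 instead of 8.
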
>
> Why twice the '/* #define HAVE_GOST */' line?
>
>
>
> Groeten
> Geert Stappers

-- 
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Make-ECC-GOST-algorithm-12-optional-only.patch
Type: text/x-patch
Size: 2778 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20221115/533c63f2/attachment.bin>

