- Fix #153: Disable validation for DSA algorithms. RFC 8624
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Mon, 27 Jan 2020 08:40:18 +0000 (09:40 +0100)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Mon, 27 Jan 2020 08:40:18 +0000 (09:40 +0100)
  compliance.

configure
configure.ac
doc/Changelog

index eb855554d747747647a913c3cb1ae1ec4e413748..d5f8d8cee2a3207b3cfee605254120fc47e6f63f 100755 (executable)
--- a/configure
+++ b/configure
@@ -675,6 +675,7 @@ SUBNET_HEADER
 SUBNET_OBJ
 SSLLIB
 HAVE_SSL
+PC_CRYPTO_DEPENDENCY
 CONFIG_DATE
 NETBSD_LINTFLAGS
 PYUNBOUND_UNINSTALL
@@ -17759,6 +17760,8 @@ $as_echo "#define HAVE_NSS 1" >>confdefs.h
        fi
         LIBS="$LIBS -lnss3 -lnspr4"
        SSLLIB=""
+       PC_CRYPTO_DEPENDENCY="nss nspr"
+
 
 
 fi
@@ -17802,6 +17805,8 @@ done
        fi
         LIBS="$LIBS -lhogweed -lnettle -lgmp"
        SSLLIB=""
+       PC_CRYPTO_DEPENDENCY="hogweed nettle"
+
 
 
 fi
@@ -18152,6 +18157,9 @@ rm -f core conftest.err conftest.$ac_objext \
     conftest$ac_exeext conftest.$ac_ext
 SSLLIB="-lssl"
 
+PC_CRYPTO_DEPENDENCY="libcrypto libssl"
+
+
 # check if -lcrypt32 is needed because CAPIENG needs that. (on windows)
 BAKLIBS="$LIBS"
 LIBS="-lssl $LIBS"
@@ -18745,9 +18753,7 @@ fi
 
 use_dsa="no"
 case "$enable_dsa" in
-    no)
-      ;;
-    *)
+    yes)
       # detect if DSA is supported, and turn it off if not.
       if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
       ac_fn_c_check_func "$LINENO" "DSA_SIG_new" "ac_cv_func_DSA_SIG_new"
@@ -18800,6 +18806,10 @@ _ACEOF
 
       fi
       ;;
+    *)
+      # disable dsa by default, RFC 8624 section 3.1, validators MUST NOT
+      # support DSA for DNSSEC Validation.
+      ;;
 esac
 
 # Check whether --enable-ed25519 was given.
@@ -21431,7 +21441,7 @@ version=1.9.7
 date=`date +'%b %e, %Y'`
 
 
-ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service"
+ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service contrib/unbound_nochroot.service"
 
 ac_config_headers="$ac_config_headers config.h"
 
@@ -22437,6 +22447,7 @@ do
     "contrib/libunbound.pc") CONFIG_FILES="$CONFIG_FILES contrib/libunbound.pc" ;;
     "contrib/unbound.socket") CONFIG_FILES="$CONFIG_FILES contrib/unbound.socket" ;;
     "contrib/unbound.service") CONFIG_FILES="$CONFIG_FILES contrib/unbound.service" ;;
+    "contrib/unbound_nochroot.service") CONFIG_FILES="$CONFIG_FILES contrib/unbound_nochroot.service" ;;
     "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
 
   *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
index 99c662792c534f589fd42c6d70c3f946761ea7ae..a356dcf7d910ee98cc19075d63d48d675bcb83de 100644 (file)
@@ -1072,9 +1072,7 @@ esac
 AC_ARG_ENABLE(dsa, AC_HELP_STRING([--disable-dsa], [Disable DSA support]))
 use_dsa="no"
 case "$enable_dsa" in
-    no)
-      ;;
-    *)
+    yes)
       # detect if DSA is supported, and turn it off if not.
       if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
       AC_CHECK_FUNC(DSA_SIG_new, [
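Review bot: The help string on the context line `AC_HELP_STRING([--disable-dsa], [Disable DSA support])` is now wrong, because with the `yes)`/`*)` split DSA is off unless the user passes `--enable-dsa`, so the documented `--disable-dsa` is a no-op and the only switch that does anything is undocumented. I would change it to `AC_ARG_ENABLE(dsa, AC_HELP_STRING([--enable-dsa], [Enable DSA support (off by default, RFC 8624)]))` so `./configure --help` tells operators how to opt in and that the default is the RFC 8624 behavior. Note also that any explicit value other than `yes` (e.g. `--enable-dsa=auto`) now falls into the silent `*)` branch and disables DSA; that is probably acceptable, but a one-line comment saying so in the `*)` case would make the intent clear. The regenerated copy in the configure hunk at `@@ -18745,9 +18753,7 @@` carries the same behavior and will pick up the new help text only after autoconf is rerun.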
@@ -1105,6 +1103,10 @@ AC_INCLUDES_DEFAULT
       AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.])
       fi
       ;;
+    *)
+      # disable dsa by default, RFC 8624 section 3.1, validators MUST NOT
+      # support DSA for DNSSEC Validation.
+      ;;
 esac
 
 AC_ARG_ENABLE(ed25519, AC_HELP_STRING([--disable-ed25519], [Disable ED25519 support]))
index e372886d07535a3ca44bbcbb7684f89c62dbc49e..e38191ebbd29cde229f3a3baa9f2a3838df5f0da 100644 (file)
@@ -1,6 +1,8 @@
 27 January 2020: Wouter
        - Merge PR#155 from Rober Edmonds: contrib/libunbound.pc.in: Fixes
          to Libs/Requires for crypto library dependencies.
+       - Fix #153: Disable validation for DSA algorithms.  RFC 8624
+         compliance.
 
 23 January 2020: Wouter
        - Merge PR#150 from Frzk: Systemd unit without chroot.  It add