[OPENDNSSEC-904] autoconfigure fails to properly identify functions in ssl library - OpenDNSSEC

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.0.3, 2.1.1, 2.3
Fix Version/s: 2.1.2, 2.3
Component/s: None
Labels:
None
Environment:

Debian Stretch amd64

OpenDNSSEC 2.0.4

SoftHSM2 2.2.0

Bind9 9.10.3

Description

I migrated my OpenDNSSEC environment from Debian jessie to Debian stretch.

In this step i had to migrate the SoftHSM and the sqlite3 database to the new versions.

Everything went well in the first steps, but when i start the ods-signerd i get some strange messages.

https://issues.opendnssec.org/browse/SUPPORT-216#

[xfrd] zone myzone request axfr to ::1
[xfrd] unable to sign request: tsig unknown algorithm hmac-sha256

In my addns.xml i have the following configuration

<snip>
<?xml version="1.0" encoding="UTF-8"?>
<Adapter>
        <DNS>
                <TSIG>
                        <Name>opendnssec-in</Name>
                        <Algorithm>hmac-sha256</Algorithm>
                        <Secret>my secret=</Secret>
                </TSIG>
                <TSIG>
                        <Name>opendnssec-out</Name>
                        <Algorithm>hmac-sha256</Algorithm>
                        <Secret>another secret=</Secret>
                </TSIG>
<snip>

The two hmac-sha256 keys also exist in the bind9 configuration.

This configuration worked well with my "old" OpenDNSSEC within Debian jessie. (i think it was version 1.4.8)

So i don't know why there is this strange message regarding hmac-sha256

Any help would be apreciated

Attachments

Issue Links

clones

SUPPORT-216 tsig unknown algorithm hmac-sha256

Closed

Activity

People

Assignee:: Berry van Halderen

Reporter:: Michael

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2017-07-20 14:01

Updated:: 2017-08-03 14:02

Resolved:: 2017-08-03 14:02