Bug 1668398
| Summary: | bind dst library breaks ssl in client applications (dhcp) | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Pavel Zhukov <pzhukov> |
| Component: | bind | Assignee: | Petr Menšík <pemensik> |
| Status: | CLOSED DUPLICATE | QA Contact: | qe-baseos-daemons |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.6 | CC: | pemensik |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-03-18 11:33:17 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1613174 | ||
|
Description
Pavel Zhukov
2019-01-22 16:15:54 UTC
This seems to be variant of bug #1668682 for RHEL7. It still resets default random generator from OpenSSL with custom generator based on SHA1 from BIND. Because it should be rebased to the same version, the same solution should be used if possible. It is initialized from lib/dns/openssl_link.c, dst__openssl_init(). If ENGINE_get_default_RAND() does return non-NULL value, it should not replace it. It might be possible to workaround this from DHCP, if it did call ENGINE_set_default_RAND(). There is no way to set it by current BIND library API on library initialization. dst_lib_init2 could be used to pass engine name from dns_lib_init(), currently it is always NULL. *** This bug has been marked as a duplicate of bug 1685940 *** |