Bug 1020446 - Enable GOST (ECC based) algorithms for DNS resolving
Enable GOST (ECC based) algorithms for DNS resolving
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: unbound (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Paul Wouters
Fedora Extras Quality Assurance
: FutureFeature
Depends On: ecc
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-17 12:58 EDT by Paul Wouters
Modified: 2015-07-26 16:54 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-07-26 16:54:30 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Paul Wouters 2013-10-17 12:58:56 EDT
Due to legal reasons, unbound was not allowed to be compiled with ghost support. It is compiled using --disable-gost

Some parts of ECC are now being allowed into fedora, but it is unclear whether GOST is an allowed ECC algorithm.

unbound itself provides not ECC - it depends on openssl to provode this.

See also bug#1019390
Comment 1 Jaroslav Reznik 2015-03-03 10:08:57 EST
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22
Comment 2 Tomáš Hozza 2015-04-08 09:01:52 EDT
(In reply to Paul Wouters from comment #0)
> Due to legal reasons, unbound was not allowed to be compiled with ghost
> support. It is compiled using --disable-gost
> 
> Some parts of ECC are now being allowed into fedora, but it is unclear
> whether GOST is an allowed ECC algorithm.

Please note that ldns is compiled with GOST.
Comment 3 Paul Wouters 2015-04-27 13:51:37 EDT
I've rebuild ldns to enable ecdsa but disable gost.

note that ldns doesn't itself do GOST crypto, it uses openssl for that which never has contained gost code (I hope)

Note You need to log in before you can comment on or make changes to this bug.