Compiling Unbound for algorithm 15 on Ubuntu 16.04

W.C.A. Wijngaards wouter at nlnetlabs.nl
Thu Dec 7 09:27:46 UTC 2017


Hi Marco,

The right way is to use openssl 1.1.1, but it is maybe not available.

With libnettle, unbound has to compile --with-libunbound-only for it to
work.  But then you don't have the daemon.  So that was not what you
wanted, instead you wanted a very new openssl.

You can compile --with-ssl=<pathname of other openssl>, but then you'd
need to compile a different openssl and install it somewhere.  Because
of dynamic libraries, something like --enable-rpath is then good too (so
that the binary would find your custom compiled libraries, rpath is
disabled by default because that is nicer for installs).

Best regards, Wouter

On 07/12/17 10:07, Marco Davids (SIDN) via Unbound-users wrote:
> Hi,
> 
> I'd like to enable support for algorithm 15 (ED25519) with Unbound on
> Ubuntu 16.04. Algo 16 (ED448) too, but that may not be possible.
> 
> Apparently I need OpenSSL 1.1.1, which is not present on Ubuntu 16.04,
> or libnettle (as indicated on https://ed25519.nl/).
> 
> So, I tried:
> 
> ./configure --enable-ed25519 --with-nettle
> 
> The compile fails (see attachment for errors).
> 
> I must be doing something wrong here. Any help is appreciated.
> 
> Example domains:
>   ed25519.nl (algo 15)
>   dnssec-check.nl (algo 16)
> 
> Source: Unbound 1.6.7
> OS: Ubuntu 16.04.3 LTS
> nettle-dev 3.2-1ubuntu0.16.04.1
> openssl 1.0.2g-1ubuntu4.9
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20171207/4639f99c/attachment.bin>


More information about the Unbound-users mailing list