[MacPorts] #49007: openssh @7.1p1 +ldns SSHFP DNSSEC validation fails

Tue Nov 24 08:59:55 PST 2015

#49007: openssh @7.1p1 +ldns SSHFP DNSSEC validation fails
-------------------------------+----------------------
  Reporter:  scott-macports@…  |      Owner:  ionic@…
      Type:  defect            |     Status:  assigned
  Priority:  Normal            |  Milestone:
 Component:  ports             |    Version:  2.3.3
Resolution:                    |   Keywords:  haspatch
      Port:  openssh ldns      |
-------------------------------+----------------------

Comment (by dluke@…):

 Replying to [comment:4 scott-macports@…]:
 > I could, of course, submit a new interface to ldns that explicitly
 loaded default keys from /etc/trusted-key.key (or some other default), but
 then openssh couldn't use that interface until the new library version was
 available on any particular distribution (as a new api, it can't really be
 backported as fix to distributions using the current or older libraries),
 preventing a working openssh + ldns on those systems for some time...

 It makes the most sense (to me) to get a change like this accepted by ldns
 and openssh upstream, and then backport it to our release (if necessary
 because we don't want to wait for upstream to release new versions).

-- 
Ticket URL: <https://trac.macports.org/ticket/49007#comment:5>
MacPorts <https://www.macports.org/>
Ports system for OS X