Maintained by: NLnet Labs

[Unbound-users] Compile ldns 1.6.16/unbound 1.4.19 on Solaris 10.

Luther, Dan
Sat Dec 15 19:49:37 CET 2012


Compiling with default SSL under Solaris can be tricky, and rather than let Oracle keep up with patches, I downloaded and used my own OpenSSL. I *almost* got a 64-bit compile to work with OpenSSL and GCC, but failed and had to settle with 32 bit (BTW, if anyone has had success compiling OpenSSL with GCC on a Solaris10/Sparc architecture *and* make it work, I'd like to talk with you!)

To get around the default SSL and make sure I didn't break anything in production, I downloaded and installed OpenSSL to a separate directory:

   $ ./Configure --openssldir=/usr/local/openssl shared threads solaris-sparcv9-gcc

(Note -- if you're not using Sparc/sun4u/sun4v architecture, you'll need to fix that last bit to match your architecture)

I downloaded "libevent-2.0.20-stable" and configured with:

   $ ./configure --with-openssl=/usr/local/openssl

And of course, "ldns":

  $ ./configure --with-ssl=/usr/local/openssl

Finally unbound-1.4.18:

   $ ./configure --prefix=/usr/local/dns --with-ssl=/usr/local/openssl --with-solaris-threads \ 
                 --with-username=dns --disable-rpath --with-libevent --with-chroot-dir= \
                 --enable-shared --enable-largefile

The only bad part of this is you must specify the "LD_LIBRARY_PATH" so unbound knows where the new OpenSSL libraries are:

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/openssl/lib

Hope this helps.

Dan Luther
Operations Engineer
Systems Operation Engineering 
Level 3 Communications
One Technology Center, Tulsa OK 74103
p: 918-547-4370
e: dan.luther at

-----Original Message-----
From: unbound-users-bounces at [mailto:unbound-users-bounces at] On Behalf Of Simon-Bernard Drolet
Sent: Friday, December 14, 2012 3:52 PM
To: unbound-users at
Subject: [Unbound-users] Compile ldns 1.6.16/unbound 1.4.19 on Solaris 10.


I'm trying to update my libevent, ldns and unbound package.

I'm configuring the compile like this: (because of default ssl in Solaris 10).

# ./configure --disable-sha2 --disable-gost --disable-ecdsa

While trying to compile ldns, I get this:

# gmake
./libtool --tag=CC --quiet --mode=compile gcc -I. -I. -DHAVE_CONFIG_H -Wwrite-strings -W -Wall -O2 -g -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE -I/usr/sfw/include -c ./dane.c -o dane.lo
./dane.c: In function `ldns_dane_cert2rdf':
./dane.c:122: error: `SHA256_DIGEST_LENGTH' undeclared (first use in this function)
./dane.c:122: error: (Each undeclared identifier is reported only once
./dane.c:122: error: for each function it appears in.)
./dane.c:137: error: `SHA512_DIGEST_LENGTH' undeclared (first use in this function)
./dane.c: In function `ldns_dane_get_nth_cert_from_validation_chain':
./dane.c:293: warning: implicit declaration of function `X509_check_ca'
gmake: *** [dane.lo] Error 1

Any pointers ?

It was ok in 1.6.13... But I get the same error with 1.6.14, 1.6.15 and 1.6.16... With the dane.c file...


Simon-Bernard Drolet, SPecialiste X Inc., 514.247.6741 Simon.Bernard.Drolet<at>gmail(dot)com, Senior Solaris Contractor, Canada

Unbound-users mailing list
Unbound-users at