Maintained by: NLnet Labs

What format does ub_ctx_add_ta expect?

Riccardo Spagni
Tue Jan 19 17:36:06 CET 2016


BUMP:)

On Sat, Jan 16, 2016 at 10:05 PM Riccardo Spagni <ric at spagni.net> wrote:

> Hi all,
>
>    We've been using ub_ctx_add_ta() in libunbound to manually include the
> root trust anchor in Monero (because there's no standard for storing the
> root trust anchor, and Windows users almost definitely won't have one).
> This worked for ages, but as of a few months ago the following error occurs:
>
> [1452966957] libunbound[15265:0] info: warning: unsupported algorithm for
> trust anchor . DNSKEY IN
> [1452966957] libunbound[15265:0] warning: trust anchor . has no supported
> algorithms, the anchor is ignored (check if you need to upgrade unbound and
> openssl)
>
>    We figured it would resolve itself with some future version of
> libunbound, but as of 1.5.8 (git head) from a few weeks ago it is still not
> working.
>
>    This is the hard-coded anchor:
> https://github.com/monero-project/bitmonero/blob/master/src/common/dns_utils.cpp#L87
>
>    And this is the snippet where we add the anchor using ub_ctx_add_ta():
> https://github.com/monero-project/bitmonero/blob/master/src/common/dns_utils.cpp#L229
>
>    Any suggestions? Is it expecting a different format for that anchor?
> Thanks!
>
> Riccardo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20160119/4559687b/attachment.html>