NSUPDATE crypto failure
Summary
NSUPDATE returns dns_request_createvia: crypto failure
BIND version used
BIND 9.17.21 (Development Release) id:ffdb856
running on Linux x86_64 4.18.0-348.7.1.el8_5.x86_64 #1 SMP Tue Dec 21 19:02:23 UTC 2021
built by make with '--disable-linux-caps' '--with-gssapi=no' '--with-tuning=small' '--with-libnghttp2=no' '--disable-doh' 'LDFLAGS=-L/usr/local/lib64/' 'CPPFLAGS=-I/usr/local/include/openssl'
compiled by GCC 8.5.0 20210514 (Red Hat 8.5.0-4)
compiled with OpenSSL version: OpenSSL 3.0.1 14 Dec 2021
linked to OpenSSL version: OpenSSL 3.0.1 14 Dec 2021
compiled with libuv version: 1.41.1
linked to libuv version: 1.41.1
compiled with libxml2 version: 2.9.7
linked to libxml2 version: 20907
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled

default paths:
  named configuration: /usr/local/etc/named.conf
  rndc configuration: /usr/local/etc/rndc.conf
  DNSSEC root key: /usr/local/etc/bind.keys
  nsupdate session key: /usr/local/var/run/named/session.key
  named PID file: /usr/local/var/run/named/named.pid
  named lock file: /usr/local/var/run/named/named.lock
Steps to reproduce
/usr/local/bin/nsupdate -DD -k bistruphave.key file
What is the current bug behavior?
setup_system()
Creating key...
Creating key...
namefromtext
keycreate
reset_system()
user_interaction()
do_next_command()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
start_update()
dns_request_createvia: crypto failure
What is the expected correct behavior?
No crypto failure
Additional information
When NSUPDATE is compiled with OpenSSL version 1.1.1 it works correctly.
With version 3.0.1 it fails, and no traffic is observed with tcpdump on the primary DNS server, which should receive the update.