libunbound-dev package on Ubuntu 20 does not validate ed25519/ed448

Asked by Matthew Zipkin

See https://github.com/NLnetLabs/unbound/issues/542

Ubuntu 20 ("focal") comes with OpenSSL version 1.1.1 and has available libunbound-dev version 1.9.4

OpenSSL version 1.1.1 provides support for ed25519 and ed448

However, I am an unable to validate these DNSSEC algorithms with this configuration.

Unbound should support those algorithms if it is built on a system where OpenSSL supports those algortihms: (unbound release notes) (related issue).

This makes me wonder if the Ubuntu package maintainer either accidentally or for-some-reason on purpose disabled those algorithms in the libunbound-dev package available for that version of Ubuntu?

I contribute to a nodejs package that binds to libunbound-dev and I noticed this issue testing on Ubuntu 20 both locally and on Github Actions where 20 is the latest Ubuntu version available.

I was able to fix our CI tests by installing libunbound from source as part of the CI action and now our ed25519 and ed448 tests pass.

Links:

https://packages.ubuntu.com/search?keywords=openssl&searchon=names&suite=focal&section=all

https://packages.ubuntu.com/search?keywords=libunbound&searchon=names&suite=focal&section=all

http://manpages.ubuntu.com/manpages/focal/en/man7/Ed448.7ssl.html

https://www.nlnetlabs.nl/news/2018/May/03/unbound-1.7.1-released/

https://github.com/NLnetLabs/unbound/issues/271

https://github.com/chjj/unbound

https://github.com/chjj/bns/pull/32/commits/bfa401650ca51c35c30d6e1df8d228ad05ccb875

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu unbound Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Manfred Hampl (m-hampl) said :
#1

There is no "Ubuntu 20".
The release named focal is Ubuntu 20.04, not to be confused with Ubuntu 20.10 (groovy).
see https://wiki.ubuntu.com/Releases and https://ubuntu.com/about/release-cycle

Revision history for this message
Bernard Stafford (bernard010) said (last edit ):
#2

Can you help with this problem?

Provide an answer of your own, or ask Matthew Zipkin for more information if necessary.

To post a message you must log in.