ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

[master] native PKCS#11 support

Browse Source 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
This commit is contained in:
Evan Hunt
2014-01-14 15:40:56 -08:00
parent 1f4c645185
commit ba751492fc
244 changed files with 20979 additions and 3294 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
bin/tests/system/dnssec/prereq.sh
View File

@@ -23,6 +23,7 @@ if $KEYGEN -q -a RSAMD5 -b 512 -n zone -r random.data foo > /dev/null 2>&1
then
rm -f Kfoo*
else
echo "I:This test requires that --with-openssl was used." >&2
echo "I:This test requires cryptography" >&2
echo "I:--with-openssl, or --with-pkcs11 and --enable-native-pkcs11" >&2
exit 1
fi