On Sun, Jun 03, 2018 at 06:00:08AM +0000, Ondřej Surý wrote: > The PKCS#11 interface is very fragile, as the different vendors implement > different parts of the > standard, and BIND needs to be compiled with a specific PKCS#11 provider > defined at the > compile time. This is certainly suboptimal, and we are looking at ways how > to improve that.
My understanding was that you had to choose at compile time wether you needed PKCS#11 or OpenSSL, and that, even if you could link with a specific provider during the build, you could opt-out and start named with -E /path/to/engine.so. At least, it is the way it is done in the FreeBSD ports tree. -- Mathieu Arnold
signature.asc
Description: PGP signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users