running named built with --enable-native-pkcs11 without HSM provider library

Tomas Hozza thozza at
Wed Aug 6 15:51:02 UTC 2014


I'm trying to figure out how can named be built with --enable-native-pkcs11
and run without the PKCS#11 provider library.

Our use-case is that given how OpenSSL does not support PKCS#11 properly,
we would like to use the the native-pkcs11 if using some HSM, but by default
run named without the need to have HSM. In case not having HSM, use OpenSSL
for example.

Right now it is not possible, and when named is built with --enable-native-pkcs11
it can not run without HSM and some PKCS#11 provider library.

Would it be possible to make named to operate in a manner described in the previous

Thanks in advance.

Tomas Hozza
Software Engineer - EMEA ENG Developer Experience

Red Hat Inc.                     

More information about the bind-users mailing list