running named built with --enable-native-pkcs11 without HSM provider library
thozza at redhat.com
Wed Aug 6 15:51:02 UTC 2014
I'm trying to figure out how can named be built with --enable-native-pkcs11
and run without the PKCS#11 provider library.
Our use-case is that given how OpenSSL does not support PKCS#11 properly,
we would like to use the the native-pkcs11 if using some HSM, but by default
run named without the need to have HSM. In case not having HSM, use OpenSSL
Right now it is not possible, and when named is built with --enable-native-pkcs11
it can not run without HSM and some PKCS#11 provider library.
Would it be possible to make named to operate in a manner described in the previous
Thanks in advance.
Software Engineer - EMEA ENG Developer Experience
Red Hat Inc. http://cz.redhat.com
More information about the bind-users