native pkcs#11 and dynamic signing issues
Arun N S
arun at arunns.com
Thu Jan 21 10:08:32 UTC 2016
Thanks for the response.
My understanding is that, when you use native pkcs#11 it is not dependent
on the openssl engine. But yes the bind is chrooted. I tried to run it
without chroot and still got the same issue. The private key reference file
created by dnsseckey-fromlabel has the Engine defined as "Engine:
cGtjczExAA=="
--
arun
On Thu, Jan 21, 2016 at 1:01 PM, Tony Finch <dot at dotat.at> wrote:
> Arun N S <arun at arunns.com> wrote:
> >
> > but with dynamic signing the logs were showing
> > "dns_dnssec_findmatchingkeys: error reading key file
> > Kexample.com.+008+01234.private: no engine"
> >
> > any idea?
>
> Wild guess (I know nothing about PKCS#11): are you running chrooted, and
> if so is the relevant OpenSSL engine plugin in usr/lib/engines in the
> chroot?
>
> Tony.
> --
> f.anthony.n.finch <dot at dotat.at> http://dotat.at/
> Forth, Tyne, Dogger: South 4 or 5, backing southeast 6 or 7, perhaps gale 8
> later. Moderate or rough, occasionally slight at first. Showers, then rain.
> Good, occasionally moderate.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20160121/15adad56/attachment-0001.html>
More information about the bind-users
mailing list