PKCS#11 vs OpenSSL (BIND Future Development Question)
mat at FreeBSD.org
Mon Jun 4 08:21:39 UTC 2018
On Sun, Jun 03, 2018 at 06:00:08AM +0000, Ondřej Surý wrote:
> The PKCS#11 interface is very fragile, as the different vendors implement different parts of the
> standard, and BIND needs to be compiled with a specific PKCS#11 provider defined at the
> compile time. This is certainly suboptimal, and we are looking at ways how to improve that.
My understanding was that you had to choose at compile time wether you
needed PKCS#11 or OpenSSL, and that, even if you could link with a
specific provider during the build, you could opt-out and start named
with -E /path/to/engine.so. At least, it is the way it is done in the
FreeBSD ports tree.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 949 bytes
Desc: not available
More information about the bind-users