CC: undisclosed-recipients: ;
MIME-Version: 1.0
In-Reply-To: <rt-3.8.6-58876-1393427518-850.35465-3-0@isc.org>
Content-Disposition: inline
References: <RT-Ticket-35465@isc.org> <530E0424.1030407@redhat.com> <rt-3.8.6-58876-1393427518-850.35465-3-0@isc.org>
Message-ID: <20140226160929.GC38980@isc.org>
Content-Type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
Received: from bikeshed.isc.org (bikeshed.isc.org [149.20.48.19]) by bugs.isc.org (Postfix) with ESMTP id ADA5E2D20051 for <bind9-bugs@bugs.isc.org>; Wed, 26 Feb 2014 16:09:29 +0000 (UTC)
Received: by bikeshed.isc.org (Postfix, from userid 10292) id A2351216C3B; Wed, 26 Feb 2014 16:09:29 +0000 (UTC)
Delivered-To: bind9-bugs@bugs.isc.org
User-Agent: Mutt/1.4.2.3i
Subject: Re: [ISC-Bugs #35465] --enable-native-pkcs11 doesn't work with SoftHSM
Return-Path: <each@isc.org>
X-Original-To: bind9-bugs@bugs.isc.org
Date: Wed, 26 Feb 2014 16:09:29 +0000
To: Petr Spacek via RT <bind9-bugs@isc.org>
From: Evan Hunt <each@isc.org>
RT-Message-ID: <rt-3.8.6-58876-1393430970-1423.35465-0-0@isc.org>
Content-Length: 416


Native PKCS#11 requires SoftHSM version 2, which you can clone from
their git repository at https://github.com/opendnssec/SoftHSMv2.git.

To use SoftHSM version 1, you need to use the old-style PKCS#11
code with the OpenSSL shim.

If OpenSSL-based PKCS#11 isn't working with version 1 and/or native
isn't working with version 2, then we do have a problem.  Can you
confirm whether those combinations are failing?