X-Scanned-BY: MIMEDefang 2.68 on 10.5.11.22 MIME-Version: 1.0 In-Reply-To: X-Spam-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.1 X-DCC--Metrics: post.isc.org 1102; Body=1 Fuz1=1 Fuz2=1 References: <530E0424.1030407@redhat.com> Message-ID: <53107FF3.3030202@redhat.com> Content-Type: text/plain; charset=UTF-8; format=flowed Organization: Red Hat X-RT-Original-Encoding: utf-8 Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) by bugs.isc.org (Postfix) with ESMTP id CE2012D20051 for ; Fri, 28 Feb 2014 12:24:35 +0000 (UTC) Received: from mx.pao1.isc.org (localhost [127.0.0.1]) by mx.pao1.isc.org (Postfix) with ESMTP id 2AB32C94B2 for ; Fri, 28 Feb 2014 12:24:23 +0000 (UTC) (envelope-from pspacek@redhat.com) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.pao1.isc.org (Postfix) with ESMTP for ; Fri, 28 Feb 2014 12:24:22 +0000 (UTC) (envelope-from pspacek@redhat.com) Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s1SCOLlI005389 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Fri, 28 Feb 2014 07:24:22 -0500 Received: from pspacek.brq.redhat.com (pspacek.brq.redhat.com [10.34.4.156]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s1SCOJmq008991 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Fri, 28 Feb 2014 07:24:21 -0500 Delivered-To: bind9-bugs@bugs.isc.org Subject: Re: [ISC-Bugs #35465] --enable-native-pkcs11 doesn't work with SoftHSM User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 Return-Path: X-Original-To: bind9-bugs@bugs.isc.org Date: Fri, 28 Feb 2014 13:24:19 +0100 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mx.pao1.isc.org To: bind9-bugs@isc.org Content-Transfer-Encoding: 7bit From: Petr Spacek RT-Message-ID: Content-Length: 1123 On 27.2.2014 21:35, Francis Dupont via RT wrote: > On Wed Feb 26 15:11:58 2014, pspacek@redhat.com wrote: >> I'm trying to test BIND 9.10.0b1 with SoftHSM 1.3.3-4.fc20.x86_64 >> and it doesn't work. > > => it can't work: SoftHSM v1 (vs v2) doesn't implement > some required PKCS#11 mechanisms. > BTW the pkcs11-tokens application was created to check > this point. Great! I think this deserves *big fat* note in release notes. >> The same version of SoftHSM works with pkcs11-list from BIND 9.9.4-P2: > > => BIND 9.9.4 has no native PKCS#11 support so > can't be wrongly configured with a too incomplete > PKCS#11 provider... This could be also mentioned in release notes... > A question: do you believe we should covert > the failure into a warning for PKCS#11 tools? > It could be more user friendly but at another hand > if someone ignores the warning it won't change the > fact that *all* other tools will fail... Personally, I like verbose error messages. I think that it is not necessary to hide the underlying error code etc. Simply some additional text would help. Thank you for your time! -- Petr^2 Spacek