MIME-Version: 1.0
In-Reply-To: <rt-4.2.8-25287-1471959392-717.43093-0-0@isc.org>
X-Mailer: MIME-tools 5.505 (Entity 5.505)
Content-Disposition: inline
X-RT-Interface: Web
References: <RT-Ticket-43093@isc.org>
 <03637BE8BAAD41E05305FCC2@ogg.in.absolight.net>
 <rt-4.2.8-36130-1471957830-1974.43093-5-0@isc.org>
 <B801FF3BB7C68ABCFAA70CDF@ogg.in.absolight.net>
 <rt-4.2.8-25287-1471959392-717.43093-0-0@isc.org>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.2.8-36130-1471962704-883.43093-0-0@isc.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
RT-Send-CC:
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 1106

On Tue Aug 23 13:36:32 2016, mat@FreeBSD.org wrote:
> | (1) IMHO it is not a good idea to provide native PKCS#11 support
> | in the standard package...
>
> The native PKCS#11 support is provided as an option, and is not enabled by
> default, so it is not a problem, it is there so that people who need it can
> use it.

=> it will never work: PKCS#11 needs some parameters at configure
time so is not a proper candidate for packaging. And the last
improvements make this even worse (they introduce a dependency
on the name of the PKCS#11 provider, i.e., the library from the HSM
vendor which implements the PKCS#11 API).

> | (2) I'll download the Fedora 23 sources to see if the patch solves
> | a real/known/already-fixed issue.
> 
> Thanks, please let me know :-)

=> see my previous answer.

> | Note we merged a patch making the native PKCS#11 support more
> | flexible into 9.10 and 9.11 last week so if you find something wrong
> | please check against last versions.
> 
> I'll have a look.

=> read the new lib/isc/include/pk11/README.site to understand
what the native PKCS#11 support implies...