On Sun Dec 03 08:04:33 2017, muks wrote:
> Francis also came back to me with similar arguments about OpenSSL
> PKCS #11 support. I have checked that his specific claims are untrue.
>
> If you can list things that don't work, I can check these too.
>
> Look at: https://github.com/OpenSC/libp11
>
> This is the better way to install a PKCS #11 OpenSSL engine, not our
> OpenSSL patching and custom build method.

=> libp11 did not support fetch per key label the last time I looked at
the code. BTW it is simple to check: build bind with it and verify
dnssec-keyfromlabel does what it is expected to do.