running named built with --enable-native-pkcs11 without HSM provider library

Tomas Hozza thozza at redhat.com
Wed Aug 6 15:51:02 UTC 2014


Hello.

I'm trying to figure out how named can be built with --enable-native-pkcs11
and run without the PKCS#11 provider library.

Our use case is that, given how OpenSSL does not support PKCS#11 properly,
we would like to use the native-pkcs11 if using some HSM, but by default
run named without the need to have an HSM. When there is no HSM, use OpenSSL,
for example.

Right now it is not possible, and when named is built with --enable-native-pkcs11
it cannot run without an HSM and some PKCS#11 provider library.

Would it be possible to make named operate in the manner described in the previous
section?

Thanks in advance.

Regards,
-- 
Tomas Hozza
Software Engineer - EMEA ENG Developer Experience

PGP: 1D9F3C2D
Red Hat Inc.                               http://cz.redhat.com

