BIND 9.10.0b1 is now available
Mathieu Arnold
mat at FreeBSD.org
Mon Mar 17 19:29:38 UTC 2014
+--On 17 mars 2014 17:51:33 +0000 Evan Hunt <each at isc.org> wrote:
| This new code uses pkcs11 for all crypto, instead of using openssl as a
| shim. So yes, you can build with either native pkcs11 or openssl, but
| not both.
Hum, so, it will also use pkcs11 for dnssec validation too ? (Sorry if this
seems a silly question.)
Also, from your example, it seems the pkcs11 library is a build time thing,
could it be a runtime configuration so that we can provide an agnostic
package and then you just need to point BIND to the right .so in its
configuration ?
And does OpenSSL provide a pkcs11 interface ? (To know if I could switch
the default BIND package from using openssl to using openssl through pkcs11)
Regards,
--
Mathieu Arnold
More information about the bind-users
mailing list