openssl-1.0.1 bind-9.10.1 softhsm-1.3.7
sibu
sibxol at btconnect.com
Wed Oct 8 13:00:43 UTC 2014
On Wednesday 08 October 2014 10:28:44 sibu wrote:
> Greetings,
>
> I am new to this list. I am trying to compile bind-9.10.1 to use
> softhsm-1.3.7. My system has these
> --cpu amd64 2 cores
> --os blfs 64bit linux, gcc-4.8, openssl-1.0.1i
>
> I am using a recent version of openssl because of the recent news
> regarding the heartbeat bug.
>
> I fetched the latest pdf manual for bind-9.10.1; namely Bv9ARM.pdf
> from https://kb.isc.org/article/AA-01031
>
>
>
> section 3.11.3.4 of Bv9ARM.pdf building openssl for softhsm reads:-
> --pkll-libname=/path/to/libsofthsm.so
> --pk11-flavor=sign-only
>
>
> (seems to be a recipe for openssl0.9.8y)
>
> It does not seem to work with openssl-1.0.1i
> I tried the above and also
> --with-pkll-libname=/path/to/libsofthsm.so \
> --with-pk11-flavor=sign-only
>
> but configure failed in all instances. Openssl compiles in all instances
> without the pk11 references.
>
> I would be grateful for some advice on how to build openssl-1.0.1i to
> work with bind-9.10.1 and softhsm-1.3.7
I believe I may have fixed half the problem.
I found a patch for openssl-1.0.1h in the bin/pkcs11 directory of the
bind-9.10.1 archive.
The patching reported 1 out of 4 hunks rejected; the rejected hunk is below:-
#-------------------------------------
--- util/mkdef.pl:1.7.2.1.4.1 Tue Jun 19 15:30:18 2012
+++ util/mkdef.pl Tue Jun 19 16:18:10 2012
@@ -236,6 +237,8 @@
elsif (/^no-jpake$/) { $no_jpake=1; }
elsif (/^no-srp$/) { $no_srp=1; }
elsif (/^no-sctp$/) { $no_sctp=1; }
+ elsif (/^no-hw-pkcs11ca$/) { $no_pkcs11ca=1; }
+ elsif (/^no-hw-pkcs11so$/) { $no_pkcs11so=1; }
}
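Review bot: the two added branches set $no_pkcs11ca and $no_pkcs11so, but nothing visible in this hunk declares or reads those variables, so the options only take effect if the rest of mkdef.pl defines and checks them; confirm that before placing these lines by hand. The hunk also relies on the no-jpake, no-srp and no-sctp branches sitting together at line 236 of a 2012 revision of util/mkdef.pl, so a reject against a different release points to shifted context, and the two lines belong at the end of that same elsif chain, before the closing brace. A smaller style point: the option strings carry a "hw-" prefix that the variable names drop, unlike the neighbouring branches where option and variable names match.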
#-------------------------------------
THEN
in the openssl-1.0.1i directory I ran
./Configure linux-x86_64 \
--with-pkll-libname=/opt/dns/usr/lib/softhsm/libsofthsm.so \
--with-pk11-flavor=sign-only \
--prefix=/opt/dns/usr
I then ran make and make test successfully
Following the bind9 manual
I then ran apps/openssl engine pkcs11
################################################
running apps/openssl engine pkcs11
###############################################
WARNING: can't open config file: /opt/dns/usr/ssl/openssl.cnf
139752258475688:error:25066067:DSO support routines:DLFCN_LOAD:could not load
the shared
library:dso_dlfcn.c:187:filename(/opt/dns/usr/lib/engines/libpkcs11.so):
/opt/dns/usr/lib/engines/libpkcs11.so: cannot open shared object file: No such
file or directory
139752258475688:error:25070067:DSO support routines:DSO_load:could not load
the shared library:dso_lib.c:244:
139752258475688:error:260B6084:engine routines:DYNAMIC_LOAD:dso not
found:eng_dyn.c:450:
139752258475688:error:2606A074:engine routines:ENGINE_by_id:no such
engine:eng_list.c:418:id=pkcs11
#################
I have no reference to /opt/dns/usr/lib/engines/libpkcs11.so in the
./Configure options and the reference to
/opt/dns/usr/lib/softhsm/libsofthsm.so seems to have been completely ignored.
Advice will be appreciated
sincerely
sibuXolo