openssl-1.0.1 bind-9.10.1 softhsm-1.3.7

sibu sibxol at btconnect.com
Wed Oct 8 13:00:43 UTC 2014


On Wednesday 08 October 2014 10:28:44 sibu wrote:
> Greetings,
> 
> I am new to this list.  I am trying to compile bind-9.10.1 to use
> softhsm-1.3.7.  My system has these
> --cpu amd64 2 cores
> --os blfs 64bit linux, gcc-4.8, openssl-1.0.1i
> 
> (I am using a recent version of openssl because of the recent news
> regarding the heartbeat bug)
> 
> I fetched the latest pdf manual for bind-9.10.1; namely Bv9ARM.pdf
> from  https://kb.isc.org/article/AA-01031
> 
> 
> 
> section 3.11.3.4 of Bv9ARM.pdf, building openssl for softhsm, reads:-
> --pkll-libname=/path/to/libsofthsm.so
> --pk11-flavor=sign-only
> 
> 
> (seems to be a recipe for openssl0.9.8y)
> 
> It does not seem to work with openssl-1.0.1i
> I tried the above and also
> --with-pkll-libname=/path/to/libsofthsm.so \
> --with-pk11-flavor=sign-only
> 
> but configure failed in all instances.  Openssl compiles in all instances
> without the pk11 references.
> 
> I would be grateful for some advice on how to build openssl-1.0.1i to
> work with bind-9.10.1 and softhsm-1.3.7

I believe I may have fixed half the problem.

I found a patch for openssl-1.0.1h in the bin/pkcs11 directory of the
bind-9.10.1 archive.
The patching reported 1 out of 4 hunks rejected; the rejected hunk is below:-

#-------------------------------------
--- util/mkdef.pl:1.7.2.1.4.1	Tue Jun 19 15:30:18 2012
+++ util/mkdef.pl	Tue Jun 19 16:18:10 2012
@@ -236,6 +237,8 @@
 	elsif (/^no-jpake$/)	{ $no_jpake=1; }
 	elsif (/^no-srp$/)	{ $no_srp=1; }
 	elsif (/^no-sctp$/)	{ $no_sctp=1; }
+	elsif (/^no-hw-pkcs11ca$/) { $no_pkcs11ca=1; }
+	elsif (/^no-hw-pkcs11so$/) { $no_pkcs11so=1; }


 	}
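Review bot: the two added `elsif` branches after `no-sctp` set `$no_pkcs11ca` and `$no_pkcs11so`, but nothing in this hunk declares or reads either variable, so on its own the new `no-hw-pkcs11ca` / `no-hw-pkcs11so` options would be parsed and then ignored. Since this is the hunk that was rejected, check that the hunks which did apply introduce both variables and consume them, then add these two lines by hand at the end of the `no-*` chain in util/mkdef.pl instead of relying on the `no-sctp` context matching. Style: the new branches put a single space before `{` where the surrounding lines use a tab.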
#-------------------------------------


THEN
in the openssl-1.0.1i directory I ran
./Configure linux-x86_64 \
--with-pkll-libname=/opt/dns/usr/lib/softhsm/libsofthsm.so \
--with-pk11-flavor=sign-only \
--prefix=/opt/dns/usr


I then ran make and make test successfully



Following the bind9 manual 
I then ran apps/openssl engine pkcs11
################################################
 running apps/openssl engine pkcs11 
###############################################

WARNING: can't open config file: /opt/dns/usr/ssl/openssl.cnf
139752258475688:error:25066067:DSO support routines:DLFCN_LOAD:could not load 
the shared 
library:dso_dlfcn.c:187:filename(/opt/dns/usr/lib/engines/libpkcs11.so): 
/opt/dns/usr/lib/engines/libpkcs11.so: cannot open shared object file: No such 
file or directory
139752258475688:error:25070067:DSO support routines:DSO_load:could not load 
the shared library:dso_lib.c:244:
139752258475688:error:260B6084:engine routines:DYNAMIC_LOAD:dso not 
found:eng_dyn.c:450:
139752258475688:error:2606A074:engine routines:ENGINE_by_id:no such 
engine:eng_list.c:418:id=pkcs11
#################


I have no reference to /opt/dns/usr/lib/engines/libpkcs11.so in the
./Configure options and the reference to
/opt/dns/usr/lib/softhsm/libsofthsm.so seems to have been completely ignored.


Advice will be appreciated

sincerely
sibuXolo
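
Added example, not part of the original post and not ISC or OpenSSL code: a small Python reader for the error queue printed by `apps/openssl engine pkcs11` above. It rejoins the mail-wrapped lines, splits each packed OpenSSL 1.0.x error code into library, function and reason numbers, and pulls out the shared-object path the loader could not open. The helper names are illustrative, and the unwrap step assumes the mail client wrapped only at spaces.

```python
import re

# Constructed sample: error queue copied from the post, mail wrapping kept. Helper names are illustrative.
SAMPLE = """\
WARNING: can't open config file: /opt/dns/usr/ssl/openssl.cnf
139752258475688:error:25066067:DSO support routines:DLFCN_LOAD:could not load
the shared
library:dso_dlfcn.c:187:filename(/opt/dns/usr/lib/engines/libpkcs11.so):
/opt/dns/usr/lib/engines/libpkcs11.so: cannot open shared object file: No such
file or directory
139752258475688:error:25070067:DSO support routines:DSO_load:could not load
the shared library:dso_lib.c:244:
139752258475688:error:260B6084:engine routines:DYNAMIC_LOAD:dso not
found:eng_dyn.c:450:
139752258475688:error:2606A074:engine routines:ENGINE_by_id:no such
engine:eng_list.c:418:id=pkcs11
"""

ENTRY = re.compile(r"\d+:error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):([^:]*):(\d+):(.*)")

def unwrap(text):
    """Rejoin entries a mail client wrapped (assumes wraps fell on spaces)."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if not out or re.match(r"\d+:error:|WARNING:", line):
            out.append(line)          # start of a new queue entry or warning
        else:
            out[-1] += " " + line     # continuation of the previous line
    return out

def decode(code_hex):
    """OpenSSL 1.0.x packs a code as 8 bits library, 12 function, 12 reason."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def parse(text):
    """Return one dict per queue entry, in printed order (oldest first)."""
    keys = ("code", "lib", "func", "reason", "file", "line", "data")
    return [dict(zip(keys, m.groups()), nums=decode(m.group(1)))
            for m in map(ENTRY.match, unwrap(text)) if m]

def missing_dso(entries):
    """Path the DSO loader failed to open, taken from the filename(...) data."""
    hits = [m.group(1) for e in entries
            if (m := re.match(r"filename\(([^)]*)\)", e["data"]))]
    return hits[0] if hits else None

if __name__ == "__main__":
    print(missing_dso(parse(SAMPLE)), [e["nums"] for e in parse(SAMPLE)])
```

Read in printed order, the first entry is the root cause (the dynamic engine loader looking for a file that does not exist) and the last is the symptom the command reports.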

