On 8.6.2015 16:24, Simo Sorce wrote: > On Mon, 2015-06-08 at 16:18 +0200, Petr Spacek wrote: >> Hello, >> >> Update PKCS#11 mechanism constants for AES key wrapping to PKCS#11 v2.40. >> >> SoftHSM 2.0.0rc1 was updates to these new constants to avoid collision with >> Blowfish mechanisms. >> >> >> Older code *cannot* work SoftHSM 2.0.0rc1 and newer. >> >> Symptoms include errors like this: >> >> On DNSSEC key master: >> ipa-ods-exporter: _ipap11helper.Error: Error at key wrapping: get buffer >> length: 0x70 >> >> On DNSSEC replicas: >> ipa-dnskeysyncd: subprocess.CalledProcessError: Command >> ''/usr/libexec/ipa/ipa-dnskeysync-replica'' returned non-zero exit status 1 >> > > Does this affect domains where some replicas use older versions and some > replicas newer versions ? Or is this a purely local issues confined to a > specific replica ?
This should be just a local issue because LDAP stores named constants instead of numeric values. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code