On Mon, 2015-06-08 at 16:30 +0200, Petr Spacek wrote:
> On 8.6.2015 16:24, Simo Sorce wrote:
> > On Mon, 2015-06-08 at 16:18 +0200, Petr Spacek wrote:
> >> Hello,
> >>
> >> Update PKCS#11 mechanism constants for AES key wrapping to PKCS#11 v2.40.
> >>
> >> SoftHSM 2.0.0rc1 was updates to these new constants to avoid collision with
> >> Blowfish mechanisms.
> >>
> >>
> >> Older code *cannot* work SoftHSM 2.0.0rc1 and newer.
> >>
> >> Symptoms include errors like this:
> >>
> >> On DNSSEC key master:
> >> ipa-ods-exporter: _ipap11helper.Error: Error at key wrapping: get buffer
> >> length: 0x70
> >>
> >> On DNSSEC replicas:
> >> ipa-dnskeysyncd: subprocess.CalledProcessError: Command
> >> ''/usr/libexec/ipa/ipa-dnskeysync-replica'' returned non-zero exit status 1
> >>
> > 
> > Does this affect domains where some replicas use older versions and some
> > replicas newer versions ? Or is this a purely local issues confined to a
> > specific replica ?
> 
> This should be just a local issue because LDAP stores named constants instead
> of numeric values.

Excellent, thanks.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to