Hey, >> I was to do it again I would take a look at p11-kit. There was talk of >> p11-kit working around the problem. >> >> http://lists.nominet.org.uk/pipermail/opendnssec-user/2011-April/001162.html > > Hi Casper! > > Thanks for the reference. I looked at the p11-kit, but this is rather > undocumented. I failed using it. > > Anybody had success in using p11-kit to proxy the HSM?
p11-kit has 0.x version numbers, and it shows. I just had to compile it under GnuTLS today, and it caused quite some ill-documented trouble. In the end, I had to do an awkward "export PKG_CONFIG_PATH=/usr/lib/.../pkgconfig/" to get it working. I am not sure where the fault lies, with GnuTLS or p11-kit. I had initially tried compiling p11-kit from source, but it did not come with a ./configure so I had to build that, leading to a chain of dependencies that were hard to meet on my target platform without diving deeper and deeper. If you want to live on the edge, you may want to go with p11-kit. If not, you might want to wait until it reaches 1.0 and is more friendly to build on various platforms, notably through ./configure scripts in tarballs. If you don't want users to download and compile your software from sourceā¦ then this is how to discourage them. These are coloured findings, I know; I had a nasty afternoon ;-) Be sure to counter me if you have had better experiences! Cheers, -Rick_______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
