On 2018-06-20 21:50, Dominique Douglas wrote:
> Thank you.
>
> When I tried to set BIND up with native pkcs#11 using just
> libcryptech-pkcs11.so, BIND gave me a warning that not everything had been
> implemented and couldn't be used for signing. 'pkcs11-list' worked, but gave
> that warning. I didn't test further so I'm not sure if 'dnssec-keyfromlabel'
> or 'dnssec-signzone' would have actually worked and just used the modified
> OpenSSL technique to fill in the gaps. I'll continue to test more
> configurations and document them though.
right so it may be a better strategy to look at implementing those calls
in our p11 library
could you drop in pkcs11-spy (a shim p11 library that logs all calls)
and figure out which calls we're missing?
Cheers Leif
_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech
