On 2010/03/04 3:29, Evan Hunt wrote: > >> What version of the original OpenSolaris patch is the openssl-0.9.8l-patch in >> the 9.7.0 tarball based on? > > 2009-03-11. > > More specificaly, pkcs11_engine-0.9.8j.patch.2009-03-11, applied to 0.9.8k > as explained in http://blogs.sun.com/janp/entry/pkcs_11_engine_patch_for1.
Thank you, that makes diff-ing a bit easier. > >> What has been changed/added? > > Principally: > > 1) ability to access key by reference I've been looking at the BIND 9.7 patch and the 'original' OpenSolaris patch. The Solaris one has pretty decent key by reference support, but unfortunately it doesn't currently work with BIND 9.7. I was able to generate keys, but dnssec-signzone fails to find the private key when signing. I haven't looked to it in detail (yet), but at least one problem is that opensslrsa_isprivate doesn't recognize the key as private (looks like RSA_FLAG_EXT_PKEY is not set?). So how is the key by reference implemented/used in the BIND version? I don't see a clear distinction between session and token keys. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
