+--On 17 mars 2014 18:56:25 +0200 Mark Elkins <m...@posix.co.za> wrote: | On Wed, 2014-02-26 at 00:55 +0000, Michael McNally wrote: |> A new compile-time option, "configure --enable-native-pkcs11", |> allows the BIND 9 cryptography functions to use the PKCS#11 API |> natively, so that BIND can drive a cryptographic hardware service |> module (HSM) directly instead of using a modified OpenSSL as an |> intermediary. This has been tested with the Thales nShield HSM |> and with SoftHSMv2 from the OpenDNSSEC project. [RT #29031] | | | Has anyone tried this yet? - either using SoftHSM or a Thales HSM? | | I have access to a totally unconfigured Thales netShield Connect 500. | | Without reading *all* the manuals - anyone have a HowTo setup to make | one of these beasties talk PKCS#11... a Goto page XX is acceptable..
For the FreeBSD port for 9.10 that I'm currently writing (as the beta comes out) it seems you can only build it either with openssl or with native-pkcs11, which is a bit strange. As for trying it, no, making it compile is already somewhat a challenge... -- Mathieu Arnold _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
