+--On 17 mars 2014 17:51:33 +0000 Evan Hunt <e...@isc.org> wrote:
| This new code uses pkcs11 for all crypto, instead of using openssl as a
| shim.  So yes, you can build with either native pkcs11 or openssl, but
| not both.

Hum, so, it will also use pkcs11 for dnssec validation too ? (Sorry if this
seems a silly question.)

Also, from your example, it seems the pkcs11 library is a build time thing,
could it be a runtime configuration so that we can provide an agnostic
package and then you just need to point BIND to the right .so in its
configuration ?

And does OpenSSL provide a pkcs11 interface ? (To know if I could switch
the default BIND package from using openssl to using openssl through pkcs11)

Regards,

-- 
Mathieu Arnold
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to