Roman Serbski via Opendnssec-user writes:
> Hello,
>
> It's probably more FreeBSD related, but any hints would be greatly
> appreciated.
Yeah, you cab kind of blame FreeBSD.
The port uses an old version of botan, and apparently not a lot of
people uses softhsm2 with botan. I actually don't know whether
softhsm still uses botan, it might even be deprecated.
You can recomplie the port using the default crypto library (OpenSSL).
jaap
>
> I'm trying to migrate from SoftHSM 1.3.8 to 2.5.0 under FreeBSD
> 12.0-RELEASE-p9 and I get the following error whenever I try to
> execute softhsm2-util:
>
> $ softhsm2-util --init-token --slot 0 --label "OpenDNSSEC" --pin XXXX
>
> ERROR: Could not load the PKCS#11 library/module:
> /usr/local/lib/softhsm/libsofthsm2.so: Undefined symbol
> "_ZN17BotanEDPrivateKeyD1Ev"
> ERROR: Please check log files for additional information.
>
> Same error with 'softhsm2-migrate --db /var/lib/softhsm/slot0.db --pin
> XXXX --slot 0'.
>
> $ uname -a
> FreeBSD srv-sign 12.0-RELEASE-p9 FreeBSD 12.0-RELEASE-p9 r350672 BSD122019
> amd64
>
> $ pkg info | grep -i 'softhsm\|botan'
> botan110-1.10.17_1 Portable, easy to use, and efficient
> C++ crypto library
> softhsm-1.3.8 Software implementation of a Hardware
> Security Module (HSM)
> softhsm2-2.5.0_2 Software implementation of a Hardware
> Security Module (HSM)
>
> $ softhsm --show-slots
> Available slots:
> Slot 0
> Token present: yes
> Token initialized: yes
> User PIN initialized: yes
> Token label: OpenDNSSEC
>
> $ cat /usr/local/etc/softhsm.conf
> 0:/var/lib/softhsm/slot0.db
>
> $ cat /usr/local/etc/softhsm2.conf
> directories.tokendir = /var/lib/softhsm/tokens/
> objectstore.backend = file
> log.level = ERROR
> slots.removable = false
>
> The directory /var/lib/softhsm/tokens/ does exist with the correct
> access rights.
>
> $ ldd /usr/local/bin/softhsm2-util
> /usr/local/bin/softhsm2-util:
> libbotan-1.10.so.1 => /usr/local/lib/libbotan-1.10.so.1 (0x8002ca000)
> libsqlite3.so.0 => /usr/local/lib/libsqlite3.so.0 (0x800587000)
> libc++.so.1 => /usr/lib/libc++.so.1 (0x800725000)
> libcxxrt.so.1 => /lib/libcxxrt.so.1 (0x8007f4000)
> libm.so.5 => /lib/libm.so.5 (0x800815000)
> libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x800847000)
> libc.so.7 => /lib/libc.so.7 (0x80085f000)
> libbz2.so.4 => /usr/lib/libbz2.so.4 (0x800c44000)
> libcrypto.so.111 => /lib/libcrypto.so.111 (0x800c59000)
> libgmp.so.10 => /usr/local/lib/libgmp.so.10 (0x800f46000)
> libthr.so.3 => /lib/libthr.so.3 (0x800fca000)
> libz.so.6 => /lib/libz.so.6 (0x800ff5000)
>
> $ ls -al /usr/local/lib/libbotan-1.10.*
> -rw-r--r-- 1 root wheel 7295568 May 22 2019
> /usr/local/lib/libbotan-1.10.a
> lrwxr-xr-x 1 root wheel 21 May 22 2019
> /usr/local/lib/libbotan-1.10.so -> libbotan-1.10.so.1.17
> lrwxr-xr-x 1 root wheel 21 May 22 2019
> /usr/local/lib/libbotan-1.10.so.1 -> libbotan-1.10.so.1.17
> -rwxr-xr-x 1 root wheel 3326768 May 22 2019
> /usr/local/lib/libbotan-1.10.so.1.17
>
> Thank you in advance.
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user@lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
