upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 07:40:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

pkcs11-provider project has new home

Browse source
This commit is contained in:
Michal Nowak 2026-03-25 10:47:42 +01:00
parent 617471d85d
commit bf56489c45
No known key found for this signature in database
2 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
doc/arm/build.inc.rst
View file

@ -69,7 +69,7 @@ in a nonstandard location adjust ``PKG_CONFIG_PATH`` or use the option
``--pkg-config-path``.
To use a PKCS#11 hardware service module for cryptographic operations,
PKCS#11 Provider (https://github.com/latchset/pkcs11-provider/tree/main)
PKCS#11 Provider (https://github.com/openssl-projects/pkcs11-provider/tree/main)
must be compiled, configured and used directly in the OpenSSL 3.x.
The Userspace RCU library ``liburcu`` (https://liburcu.org/) is used

6
doc/arm/pkcs11.inc.rst
View file

@ -26,7 +26,7 @@ is specific to the HSM to be controlled.
BIND 9 accesses PKCS#11 libraries via OpenSSL Providers. The provider for
OpenSSL 3 and newer is `pkcs11-provider`_.
.. _`pkcs11-provider`: https://github.com/latchset/pkcs11-provider
.. _`pkcs11-provider`: https://github.com/openssl-projects/pkcs11-provider
In both cases the extension is dynamically loaded into OpenSSL and the HSM is
operated indirectly; any cryptographic operations not supported by the HSM can
@ -87,7 +87,7 @@ The canonical documentation for configuring pkcs11-provider is in the
`provider-pkcs11.7`_ manual page, but a copy of a working configuration is
provided here for convenience:
.. _`provider-pkcs11.7`: https://github.com/latchset/pkcs11-provider/blob/main/docs/provider-pkcs11.7.md
.. _`provider-pkcs11.7`: https://github.com/openssl-projects/pkcs11-provider/blob/main/docs/provider-pkcs11.7.md
In this example, we use a custom copy of OpenSSL configuration,
driven by an environment variable called OPENSSL_CONF. First, copy the
@ -131,7 +131,7 @@ Add the following lines at the bottom of the file:
module = <PATHTO>/pkcs11.so
pkcs11-module-path = <FULL_PATH_TO_HSM_MODULE>
# bind uses the digest+sign api. this is broken with the default load behaviour,
# but works with early load. see: https://github.com/latchset/pkcs11-provider/issues/266
# but works with early load. see: https://github.com/openssl-projects/pkcs11-provider/issues/266
pkcs11-module-load-behavior = early
# no-deinit quirk is needed if you use softhsm2
#pkcs11-module-quirks = no-deinit