author | Doug Barton <dougb@FreeBSD.org> | 2011-07-16 11:12:09 +0000 |
---|---|---|
committer | Doug Barton <dougb@FreeBSD.org> | 2011-07-16 11:12:09 +0000 |
commit | 7afecc12f4d7b56f03438d5f41b837b9696f0a94 (patch) | |
tree | 7873e6a2dac5f9ddbfefa3b07f3cf0570f682321 /contrib/bind9/README.pkcs11 | |
parent | a9285ae5c428d2017b1b907b8403ebe30f369bec (diff) | |
parent | 473038528ab5bd55332138ebf791ab91a25f747b (diff) |
Upgrade to version 9.8.0-P4
This version has many new features, see /usr/share/doc/bind9/README
for details.
Notes:
svn path=/head/; revision=224092
Diffstat (limited to 'contrib/bind9/README.pkcs11')
-rw-r--r-- | contrib/bind9/README.pkcs11 | 61 |
1 files changed, 0 insertions, 61 deletions
diff --git a/contrib/bind9/README.pkcs11 b/contrib/bind9/README.pkcs11 deleted file mode 100644 index b58640de1c5a..000000000000 --- a/contrib/bind9/README.pkcs11 +++ /dev/null 
@@ -1,61 +0,0 @@ - - BIND-9 PKCS#11 support - -Prerequisite - -The PKCS#11 support needs a PKCS#11 OpenSSL engine based on the Solaris one, -released the 2007-11-21 for OpenSSL 0.9.8g, with a bug fix (call to free) -and some improvements, including user friendly PIN management. - -Compilation - -"configure --with-pkcs11 ..." - -PKCS#11 Libraries - -Tested with Solaris one with a SCA board and with openCryptoki with the -software token. - -OpenSSL Engines - -With PKCS#11 support the PKCS#11 engine is statically loaded but at its -initialization it dynamically loads the PKCS#11 objects. -Even the pre commands are therefore unused they are defined with: - SO_PATH: - define: PKCS11_SO_PATH - default: /usr/local/lib/engines/engine_pkcs11.so - MODULE_PATH: - define: PKCS11_MODULE_PATH - default: /usr/lib/libpkcs11.so -Without PKCS#11 support, a specific OpenSSL engine can be still used -by defining ENGINE_ID at compile time. - -PKCS#11 tools - -The contrib/pkcs11-keygen directory contains a set of experimental tools -to handle keys stored in a Hardware Security Module at the benefit of BIND. - -The patch for OpenSSL 0.9.8g is in this directory. Read its README.pkcs11 -for the way to use it (these are the original notes so with the original -path, etc. Define OPENCRYPTOKI to use it with openCryptoki.) - -PIN management - -With the just fixed PKCS#11 OpenSSL engine, the PIN should be entered -each time it is required. With the improved engine, the PIN should be -entered the first time it is required or can be configured in the -OpenSSL configuration file (aka. openssl.cnf) by adding in it: - - at the beginning: - openssl_conf = openssl_def - - at any place these sections: - [ openssl_def ] - engines = engine_section - [ engine_section ] - pkcs11 = pkcs11_section - [ pkcs11_section ] - PIN = put__your__pin__value__here - -Note - -Some names here are registered trademarks, at least Solaris is a trademark -of Sun Microsystems Inc... |
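Review bot: The whole-file deletion (@@ -1,61 +0,0 @@) removes the "OpenSSL Engines" and "PIN management" sections without the commit message saying where, or whether, the PKCS#11 instructions are replaced; it points only to /usr/share/doc/bind9/README for new features. Please name the replacement document for the PKCS11_SO_PATH and PKCS11_MODULE_PATH defaults in the commit message or release notes. The removed "PIN management" section also told operators to store the HSM PIN in openssl.cnf as "PIN = put__your__pin__value__here", so hosts set up from this README may still hold a cleartext PIN in that file. A short upgrade note asking operators to review that file's contents and permissions would be worth adding alongside the removal.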