mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
5c907e34ae
For now Debian, Fedora, RHEL, etc. build BIND with 'native PKCS11' support. Till recently, that was the strict requirement of DNSSEC. The problem is that this restricts cross-platform features of FreeIPA.

With the help of libp11, which provides `pkcs11` engine plugin for the OpenSSL library for accessing PKCS11 modules in a semi-transparent way, FreeIPA could utilize OpenSSL version of BIND.

BIND in turn provides ability to specify the OpenSSL engine on the command line of `named` and all the BIND `dnssec-*` tools by using the `-E engine_name`.

Fixes: https://pagure.io/freeipa/issue/8094
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
15 lines
290 B
Plaintext
# OpenSSL configuration file
# File generated by IPA installation
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
$OPENSSL_ENGINE = ${OPENSSL_ENGINE}_section

[${OPENSSL_ENGINE}_section]
engine_id = $OPENSSL_ENGINE
MODULE_PATH = $SOFTHSM_MODULE
init=0
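
An added example, not part of the FreeIPA repository: it renders the template above and checks that the section chain `openssl_conf` -> `engines` -> engine section resolves and that `MODULE_PATH` names the expected PKCS#11 module. It assumes `string.Template`-style substitution of `$OPENSSL_ENGINE` and `$SOFTHSM_MODULE`; the function names and the sample module path are constructed for illustration.

```python
from string import Template

# Directives of the template on this page (comment lines omitted).
TEMPLATE = """\
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
$OPENSSL_ENGINE = ${OPENSSL_ENGINE}_section

[${OPENSSL_ENGINE}_section]
engine_id = $OPENSSL_ENGINE
MODULE_PATH = $SOFTHSM_MODULE
init=0
"""

def parse(text):
    """Parse OpenSSL-style config text into {section: {key: value}}."""
    conf, section = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            conf.setdefault(section, {})
        elif line:
            key, _, value = line.partition("=")
            conf[section][key.strip()] = value.strip()
    return conf

def resolve_engines(text):
    """Follow openssl_conf -> engines -> per-engine section (KeyError if a link is missing)."""
    conf = parse(text)
    engines = conf[conf[conf["default"]["openssl_conf"]]["engines"]]
    return {name: conf[sect] for name, sect in engines.items()}

def audit(text, expected_module):
    """List problems: unrendered placeholders or an unexpected PKCS#11 module path."""
    problems = []
    for name, sect in resolve_engines(text).items():
        path = sect.get("MODULE_PATH", "")
        if "$" in name or "$" in path:
            problems.append(f"{name}: unrendered placeholder")
        elif path != expected_module:
            problems.append(f"{name}: module is {path!r}")
    return problems

MODULE = "/usr/lib64/pkcs11/libsofthsm2.so"  # constructed sample path
RENDERED = Template(TEMPLATE).substitute(OPENSSL_ENGINE="pkcs11", SOFTHSM_MODULE=MODULE)
```

An empty list from `audit(RENDERED, MODULE)` means the engine section is reachable and loads only the module the caller expects.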