freeipa/ipaplatform/base
Stanislav Levin 5c907e34ae named: Allow using of a custom OpenSSL engine for BIND
For now Debian, Fedora, RHEL, etc. build BIND with 'native PKCS11'
support. Till recently, that was the strict requirement of DNSSEC.
The problem is that this restricts cross-platform features of FreeIPA.

With the help of libp11, which provides `pkcs11` engine plugin for
the OpenSSL library for accessing PKCS11 modules in a semi-
transparent way, FreeIPA could utilize OpenSSL version of BIND.

BIND in turn provides ability to specify the OpenSSL engine on the
command line of `named` and all the BIND `dnssec-*` tools by using
the `-E engine_name`.

Fixes: https://pagure.io/freeipa/issue/8094
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-08-31 09:42:31 +03:00
..
__init__.py ipaplatform: Create separate module for platform files 2014-06-16 19:48:17 +02:00
constants.py named: Allow using of a custom OpenSSL engine for BIND 2020-08-31 09:42:31 +03:00
paths.py named: Allow using of a custom OpenSSL engine for BIND 2020-08-31 09:42:31 +03:00
services.py Add conditional restart (try-restart) capability to services 2019-11-07 13:00:15 -05:00
tasks.py Don't configure authselect in containers 2020-08-06 14:20:54 +02:00