freeipa/ipaplatform/redhat
Stanislav Levin 5c907e34ae named: Allow using of a custom OpenSSL engine for BIND
For now Debian, Fedora, RHEL, etc. build BIND with 'native PKCS11'
support. Till recently, that was the strict requirement of DNSSEC.
The problem is that this restricts cross-platform features of FreeIPA.

With the help of libp11, which provides `pkcs11` engine plugin for
the OpenSSL library for accessing PKCS11 modules in a semi-
transparent way, FreeIPA could utilize OpenSSL version of BIND.

BIND in turn provides ability to specify the OpenSSL engine on the
command line of `named` and all the BIND `dnssec-*` tools by using
the `-E engine_name`.

Fixes: https://pagure.io/freeipa/issue/8094
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-08-31 09:42:31 +03:00
..
__init__.py Split off generic Red Hat-like platform code from Fedora platform code 2014-10-09 15:37:24 +02:00
authconfig.py ipa-client-install: use the authselect backup during uninstall 2020-07-30 13:10:39 +02:00
constants.py Don't hard-code client's TLS versions and ciphers 2019-12-02 16:48:07 +01:00
paths.py Use tasks to configure automount nsswitch settings 2019-08-28 22:15:50 -04:00
services.py named: Allow using of a custom OpenSSL engine for BIND 2020-08-31 09:42:31 +03:00
tasks.py Debian: write out only one CA certificate per file 2020-04-08 14:17:31 +03:00