mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-25 00:51:21 +00:00
Code Issues Releases Activity
2fefd9560a
freebsd-ports/dns/bind910/pkg-help
Mathieu Arnold 3d3897ed7d Fix build with GOST (on 10, base OpenSSL doesn't have it) 
Make sure OpenSSL from ports is used < 10.

Sponsored by:	Absolight
2014-05-17 21:30:24 +00:00

24 lines
973 B
Plaintext
Raw Blame History

When using the NATIVE_PKCS11 option, BIND will use the PKCS#11
engine specified by the named_pkcss11_engine variable in
/etc/rc.conf for *all* crypto operations.
This is primarily intended to be used in an authoritative
case.
If BIND will also be operating as a validating resolver,
NATIVE_PKCS11 should not be used, because the HSM will be
used for DNSSEC validations, and the HSM is likely to be
slower than the CPU for this purpose. Additionally, the HSM
might not support all of the PKCS#11 API functions needed
for signature verification.
GOST
If using a chrooted instance of BIND, the OpenSSL engines
need to be accessible from within the chroot. If BIND
is chrooted in /var/named, this can be achieved by either
copying content of /usr/local/lib/engines into
/var/named/usr/local/lib/engines, or by creating that
directory and adding this line to /etc/fstab:
/usr/local/lib/engines /var/named/usr/local/lib/engines nullfs ro 0 0
Reference in New Issue View Git Blame Copy Permalink