rpms
/
bind
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Avoid conflicts between OpenSSL and native PKCS#11 

Do not set default engine when native module should be used.
This commit is contained in:
Petr Menšík 2019-08-27 20:46:46 +02:00
parent 01dd585828
commit c5d9a5c66a
2 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
bind-9.11-engine-pkcs11.patch Normal file
View File

@ -0,0 +1,27 @@
From 37f89ccfc439f8d86c401d9ae10e94e53b924961 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Tue, 27 Aug 2019 20:39:59 +0200
Subject: [PATCH] Do not set engine for native PKCS11
It resets already set lib_path to pkcs11, which is invalid in native
pkcs11 crypto. Engine has to be path to PKCS#11 module.
---
bin/named/include/named/globals.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h
index eda2214..2a611d5 100644
--- a/bin/named/include/named/globals.h
+++ b/bin/named/include/named/globals.h
@@ -160,7 +160,7 @@ EXTERN const char * ns_g_defaultdnstap INIT(NULL);
EXTERN const char * ns_g_username INIT(NULL);
-#if defined(USE_PKCS11)
+#if defined(USE_PKCS11) && !defined(PKCS11CRYPTO)
EXTERN const char * ns_g_engine INIT(PKCS11_ENGINE);
#else
EXTERN const char * ns_g_engine INIT(NULL);
--
2.20.1

3
bind.spec
View File

@ -116,6 +116,8 @@ Patch140:bind-9.11-rh1410433.patch
Patch145:bind-9.11-rh1205168.patch
# [ISC-Bugs #46853] commit cb616c6d5c2ece1fac37fa6e0bca2b53d4043098 ISC 4851
Patch149:bind-9.11-kyua-pkcs11.patch
# Avoid conflicts with OpenSSL PKCS11 engine
Patch150:bind-9.11-engine-pkcs11.patch
Patch153:bind-9.11-export-suffix.patch
Patch154:bind-9.11-oot-manual.patch
Patch155:bind-9.11-pk11.patch
@ -551,6 +553,7 @@ cp -r lib/isc{,-pkcs11}
cp -r lib/dns{,-pkcs11}
%patch136 -p1 -b .dist_pkcs11
%patch149 -p1 -b .kyua-pkcs11
%patch150 -p1 -b .engine-pkcs11
%endif
%if %{with SDB}