Avoid conflicts between OpenSSL and native PKCS#11
Do not set default engine when native module should be used.
This commit is contained in:
Petr Menšík
parent
01dd585828
commit
c5d9a5c66a
27
bind-9.11-engine-pkcs11.patch
Normal file
27
bind-9.11-engine-pkcs11.patch
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
From 37f89ccfc439f8d86c401d9ae10e94e53b924961 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Mensik <pemensik@redhat.com>
|
||||||
|
Date: Tue, 27 Aug 2019 20:39:59 +0200
|
||||||
|
Subject: [PATCH] Do not set engine for native PKCS11
|
||||||
|
|
||||||
|
It resets already set lib_path to pkcs11, which is invalid in native
|
||||||
|
pkcs11 crypto. Engine has to be path to PKCS#11 module.
|
||||||
|
---
|
||||||
|
bin/named/include/named/globals.h | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h
|
||||||
|
index eda2214..2a611d5 100644
|
||||||
|
--- a/bin/named/include/named/globals.h
|
||||||
|
+++ b/bin/named/include/named/globals.h
|
||||||
|
@@ -160,7 +160,7 @@ EXTERN const char * ns_g_defaultdnstap INIT(NULL);
|
||||||
|
|
||||||
|
EXTERN const char * ns_g_username INIT(NULL);
|
||||||
|
|
||||||
|
-#if defined(USE_PKCS11)
|
||||||
|
+#if defined(USE_PKCS11) && !defined(PKCS11CRYPTO)
|
||||||
|
EXTERN const char * ns_g_engine INIT(PKCS11_ENGINE);
|
||||||
|
#else
|
||||||
|
EXTERN const char * ns_g_engine INIT(NULL);
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
||||||
@ -116,6 +116,8 @@ Patch140:bind-9.11-rh1410433.patch
|
|||||||
Patch145:bind-9.11-rh1205168.patch
|
Patch145:bind-9.11-rh1205168.patch
|
||||||
# [ISC-Bugs #46853] commit cb616c6d5c2ece1fac37fa6e0bca2b53d4043098 ISC 4851
|
# [ISC-Bugs #46853] commit cb616c6d5c2ece1fac37fa6e0bca2b53d4043098 ISC 4851
|
||||||
Patch149:bind-9.11-kyua-pkcs11.patch
|
Patch149:bind-9.11-kyua-pkcs11.patch
|
||||||
|
# Avoid conflicts with OpenSSL PKCS11 engine
|
||||||
|
Patch150:bind-9.11-engine-pkcs11.patch
|
||||||
Patch153:bind-9.11-export-suffix.patch
|
Patch153:bind-9.11-export-suffix.patch
|
||||||
Patch154:bind-9.11-oot-manual.patch
|
Patch154:bind-9.11-oot-manual.patch
|
||||||
Patch155:bind-9.11-pk11.patch
|
Patch155:bind-9.11-pk11.patch
|
||||||
@ -551,6 +553,7 @@ cp -r lib/isc{,-pkcs11}
|
|||||||
cp -r lib/dns{,-pkcs11}
|
cp -r lib/dns{,-pkcs11}
|
||||||
%patch136 -p1 -b .dist_pkcs11
|
%patch136 -p1 -b .dist_pkcs11
|
||||||
%patch149 -p1 -b .kyua-pkcs11
|
%patch149 -p1 -b .kyua-pkcs11
|
||||||
|
%patch150 -p1 -b .engine-pkcs11
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{with SDB}
|
%if %{with SDB}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user