mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Code Issues Releases Wiki Activity

[master] cleanup pcks11 doc

Browse Source
This commit is contained in:
Evan Hunt
2014-01-15 10:01:44 -08:00
parent e4f484b7b7
commit 693a7bb91a
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
doc/arm/pkcs11.xml
View File

@@ -40,13 +40,13 @@
</para>
<para>
There are two available mechanisms for PKCS#11 support in BIND 9:
OpenSSL-based PKCS#11 and native PKCS#11. The first mechanism
BIND uses a modified version of OpenSSL which loads the provider
library and operates the HSM indirectly; any cryptographic operations
not supported by the HSM can be carried out by OpenSSL instead.
The second mechanism enables BIND to bypass OpenSSL completely;
BIND loads the provider library and uses the PKCS#11 API to drive
the HSM itself.
OpenSSL-based PKCS#11 and native PKCS#11. When using the first
mechanism, BIND uses a modified version of OpenSSL, which loads
the provider library and operates the HSM indirectly; any
cryptographic operations not supported by the HSM can be carried
out by OpenSSL instead. The second mechanism enables BIND to bypass
OpenSSL completely; BIND loads the provider library itself, and uses
the PKCS#11 API to drive the HSM directly.
</para>
<sect2>
<title>Prerequisites</title>
@@ -75,7 +75,7 @@
</para>
<screen>
$ <userinput>cd bind9</userinput>
$ <userinput>./configure --without-openssl --enable-native-pkcs11 \
$ <userinput>./configure --enable-native-pkcs11 \
--with-pkcs11=<replaceable>provider-library-path</replaceable></userinput>
</screen>
<para>