[Opendnssec-develop] Sun SCA6000 on Ubuntu

Jelte Jansen jelte at NLnetLabs.nl
Tue Jun 30 11:36:22 UTC 2009

resending to list, thought i did reply-to-all

Jakob Schlyter wrote:
> oh, my bad - I thought we only used the ldns functions. would that be an 
> easy change? or something we can detect at runtime?

we do use the ldns functions, but only for nsec3 hashing (because that's 
entirely handled by ldns)

for signature input hashing, i think it shouldn't be too hard to just try and 
use the hsm, and on CKR_BAD_MECHANISM (or whatever it was), fall back to ldns. 
In pivotal land i would give it 1 point :)


More information about the Opendnssec-develop mailing list