[Opendnssec-develop] Signature verification in SoftHSM
Jakob Schlyter
jakob at kirei.se
Tue Apr 5 08:02:45 UTC 2011
On 31 mar 2011, at 09.21, Rickard Bellgrim wrote:
> It is almost two years ago since we introduced signature verification in SoftHSM. This is a debug feature that enables SoftHSM to verify all the signatures that is created. To get this feature you have to configure with --enable-sigver. We added this because we one time got a signature that could not be verified, but we never managed to recreate this situation.
>
> My question is: Can we remove this code from SoftHSM?
I think we should keep it, but still require it to be explicitly enabled (with autoconf).
> (I do not think anyone is using it. And the signing code would be much cleaner without it.)
Why, isn't it a large chuck of #ifdef?
jakob
More information about the Opendnssec-develop
mailing list