[Opendnssec-develop] Signature verification in SoftHSM

Jakob Schlyter jakob at kirei.se
Tue Apr 5 08:02:45 UTC 2011

On 31 mar 2011, at 09.21, Rickard Bellgrim wrote:

> It is almost two years ago since we introduced signature verification in SoftHSM. This is a debug feature that enables SoftHSM to verify all the signatures that is created. To get this feature you have to configure with --enable-sigver. We added this because we one time got a signature that could not be verified, but we never managed to recreate this situation.
> My question is: Can we remove this code from SoftHSM?

I think we should keep it, but still require it to be explicitly enabled (with autoconf).

> (I do not think anyone is using it. And the signing code would be much cleaner without it.)

Why, isn't it a large chuck of #ifdef?


More information about the Opendnssec-develop mailing list