[Opendnssec-user] ods-control segfault

Rickard Bellgrim rickard.bellgrim at iis.se
Thu May 20 15:00:50 UTC 2010


Key was created with 'pkcs11-keygen' and perfectly valid.

I think the problem has to do with this ticket:
http://trac.opendnssec.org/ticket/111

The BIND tool does not save the public key. And OpenDNSSEC assumes that the public key is available. It segfaults because it does not have any sanity check.

We will fix this, when we migrate over to only using the private key object. OpenDNSSEC should not actually need the public key object, since you should be able to create the public key (DNSKEY) from the information in the private key object. But PKCS#11 does not guarantee that all of the public key material is available within the private key object. It should although be safe to do this, since we do not know any vendor which does not keep that data.

// Rickard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20100520/974e3ef7/attachment.htm>


More information about the Opendnssec-user mailing list