Add missing options and conditionals to enable pkcs#11 when needed

diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc
index 1030b75e3a97b018a98c72568fedc825f63ba4d7..c32e8fa5f4c4feadd328e58c8311675190356c3f 100644 (file)
--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -1119,9 +1119,12 @@ try
     cerr<<"                                   Generate a ZSK or KSK to stdout with specified algo&bits"<<endl;
     cerr<<"get-meta ZONE [kind kind ..]       Get zone metadata. If no KIND given, lists all known"<<endl;
     cerr<<"hash-zone-record ZONE RNAME        Calculate the NSEC3 hash for RNAME in ZONE"<<endl;
-    cerr<<"hsm assign zone module slot pin    Assign a hardware signing module to a ZONE"<<endl;
+#ifdef HAVE_P11KIT1
+    cerr<<"hsm assign zone zsk|ksk module slot pin label"<<endl<<
+          "                                   Assign a hardware signing module to a ZONE"<<endl;
     cerr<<"hsm create-key zone [bits]         Create a key using hardware signing module for ZONE (use assign first)"<<endl; 
     cerr<<"                                   bits defaults to 2048"<<endl;
+#endif
     cerr<<"increase-serial ZONE               Increases the SOA-serial by 1. Uses SOA-EDIT"<<endl;
     cerr<<"import-tsig-key NAME ALGORITHM KEY Import TSIG key"<<endl;
     cerr<<"import-zone-key ZONE FILE          Import from a file a private key, ZSK or KSK"<<endl;
@@ -1892,6 +1895,7 @@ try
       cout << "Set '" << zone << "' meta " << kind << " = " << boost::join(meta, ", ") << endl;
     }
   } else if (cmds[0]=="hsm") {
+#ifdef HAVE_P11KIT1
     UeberBackend B("default");
     if (cmds[1] == "assign") {
       DNSCryptoKeyEngine::storvector_t storvect;
@@ -1992,6 +1996,10 @@ try
       cerr << "Key of size " << bits << " created" << std::endl;
       return 0;
     }
+#else
+    cerr<<"PKCS#11 support not enabled"<<endl;
+    return 1; 
+#endif
   } else {
     cerr<<"Unknown command '"<<cmds[0] <<"'"<< endl;
     return 1;