From: Michal Nowak Date: Wed, 25 Mar 2026 09:47:42 +0000 (+0100) Subject: pkcs11-provider project has new home X-Git-Tag: v9.20.22~10^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0916964885b355b10d028846da11766ad8fb324a;p=thirdparty%2Fbind9.git pkcs11-provider project has new home (cherry picked from commit bf56489c4551b11680c82e384855e71ef960f82e) --- diff --git a/doc/arm/pkcs11.inc.rst b/doc/arm/pkcs11.inc.rst index b6457295ad3..60aa17cc043 100644 --- a/doc/arm/pkcs11.inc.rst +++ b/doc/arm/pkcs11.inc.rst @@ -27,7 +27,7 @@ BIND 9 accesses PKCS#11 libraries via OpenSSL extensions. The extension for OpenSSL 3 and newer is `pkcs11-provider`_; for older OpenSSL versions, engine_pkcs11 from the `OpenSC`_ project can be used. -.. _`pkcs11-provider`: https://github.com/latchset/pkcs11-provider +.. _`pkcs11-provider`: https://github.com/openssl-projects/pkcs11-provider .. _OpenSC: https://github.com/OpenSC/libp11 In both cases the extension is dynamically loaded into OpenSSL and the HSM is @@ -188,7 +188,7 @@ The canonical documentation for configuring pkcs11-provider is in the `provider-pkcs11.7`_ manual page, but a copy of a working configuration is provided here for convenience: -.. _`provider-pkcs11.7`: https://github.com/latchset/pkcs11-provider/blob/main/docs/provider-pkcs11.7.md +.. _`provider-pkcs11.7`: https://github.com/openssl-projects/pkcs11-provider/blob/main/docs/provider-pkcs11.7.md In this example, we use a custom copy of OpenSSL configuration, driven by an environment variable called OPENSSL_CONF. First, copy the @@ -232,7 +232,7 @@ Add the following lines at the bottom of the file: module = /pkcs11.so pkcs11-module-path = # bind uses the digest+sign api. this is broken with the default load behaviour, - # but works with early load. see: https://github.com/latchset/pkcs11-provider/issues/266 + # but works with early load. see: https://github.com/openssl-projects/pkcs11-provider/issues/266 pkcs11-module-load-behavior = early # no-deinit quirk is needed if you use softhsm2 #pkcs11-module-quirks = no-deinit