From: Michal Nowak Date: Wed, 25 Mar 2026 09:47:42 +0000 (+0100) Subject: pkcs11-provider project has new home X-Git-Tag: v9.21.21~15^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bf56489c4551b11680c82e384855e71ef960f82e;p=thirdparty%2Fbind9.git pkcs11-provider project has new home --- diff --git a/doc/arm/build.inc.rst b/doc/arm/build.inc.rst index ccc6a39c9a3..62439eb4ff0 100644 --- a/doc/arm/build.inc.rst +++ b/doc/arm/build.inc.rst @@ -69,7 +69,7 @@ in a nonstandard location adjust ``PKG_CONFIG_PATH`` or use the option ``--pkg-config-path``. To use a PKCS#11 hardware service module for cryptographic operations, -PKCS#11 Provider (https://github.com/latchset/pkcs11-provider/tree/main) +PKCS#11 Provider (https://github.com/openssl-projects/pkcs11-provider/tree/main) must be compiled, configured and used directly in the OpenSSL 3.x. The Userspace RCU library ``liburcu`` (https://liburcu.org/) is used diff --git a/doc/arm/pkcs11.inc.rst b/doc/arm/pkcs11.inc.rst index bd0d5ead85a..d1b3d7c7bd9 100644 --- a/doc/arm/pkcs11.inc.rst +++ b/doc/arm/pkcs11.inc.rst @@ -26,7 +26,7 @@ is specific to the HSM to be controlled. BIND 9 accesses PKCS#11 libraries via OpenSSL Providers. The provider for OpenSSL 3 and newer is `pkcs11-provider`_. -.. _`pkcs11-provider`: https://github.com/latchset/pkcs11-provider +.. _`pkcs11-provider`: https://github.com/openssl-projects/pkcs11-provider In both cases the extension is dynamically loaded into OpenSSL and the HSM is operated indirectly; any cryptographic operations not supported by the HSM can @@ -87,7 +87,7 @@ The canonical documentation for configuring pkcs11-provider is in the `provider-pkcs11.7`_ manual page, but a copy of a working configuration is provided here for convenience: -.. _`provider-pkcs11.7`: https://github.com/latchset/pkcs11-provider/blob/main/docs/provider-pkcs11.7.md +.. _`provider-pkcs11.7`: https://github.com/openssl-projects/pkcs11-provider/blob/main/docs/provider-pkcs11.7.md In this example, we use a custom copy of OpenSSL configuration, driven by an environment variable called OPENSSL_CONF. First, copy the @@ -131,7 +131,7 @@ Add the following lines at the bottom of the file: module = /pkcs11.so pkcs11-module-path = # bind uses the digest+sign api. this is broken with the default load behaviour, - # but works with early load. see: https://github.com/latchset/pkcs11-provider/issues/266 + # but works with early load. see: https://github.com/openssl-projects/pkcs11-provider/issues/266 pkcs11-module-load-behavior = early # no-deinit quirk is needed if you use softhsm2 #pkcs11-module-quirks = no-deinit