]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 89cf304) | patch
Better PKCS#11 label creation
authorMatthijs Mekking <matthijs@isc.org>
Fri, 17 Nov 2023 09:45:05 +0000 (10:45 +0100)
committerMatthijs Mekking <matthijs@isc.org>
Thu, 25 Jan 2024 14:37:40 +0000 (15:37 +0100)
commit934d17255eeb412446a53ed54d288cd7bf9fa2d5
tree166fbc0c38424f1a45f75b766074faa84f52d618tree | snapshot
parent89cf3049d4923aba6fbc1183e22cf96740103c32commit | diff
Better PKCS#11 label creation

When using the same PKCS#11 URI for a zone that uses different
DNSSEC policies, the PKCS#11 label could collide, i.e. the same
label could be used for different keys. Add the policy name to
the label to make it more unique.

Also, the zone name could contain characters that are interpreted
as special characters when parsing the PKCS#11 URI string. Mangle
the zone name through 'dns_name_tofilenametext()' to make it
PKCS#11 safe.

Move the creation to a separate function for clarity.

Furthermore, add a log message whenever a PKCS#11 object has been
successfully created.
bin/dnssec/dnssec-keygen.c diff | blob | blame | history
lib/dns/include/dns/keystore.h diff | blob | blame | history
lib/dns/keymgr.c diff | blob | blame | history
lib/dns/keystore.c diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git