From: Francis Dupont Date: Mon, 5 Oct 2009 12:13:15 +0000 (+0000) Subject: regen X-Git-Tag: v9.7.0b1~66 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=b091b4bb803b830d2d5a9e71b6648b669655d7dc;p=thirdparty%2Fbind9.git regen --- diff --git a/bin/pkcs11/pkcs11-destroy.8 b/bin/pkcs11/pkcs11-destroy.8 new file mode 100644 index 00000000000..c10de4ab4e0 --- /dev/null +++ b/bin/pkcs11/pkcs11-destroy.8 @@ -0,0 +1,82 @@ +.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") +.\" +.\" Permission to use, copy, modify, and/or distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. +.\" +.\" $Id: pkcs11-destroy.8,v 1.2 2009/10/05 12:11:53 fdupont Exp $ +.\" +.hy 0 +.ad l +.\" Title: pkcs11\-destroy +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.71.1 +.\" Date: Sep 18, 2009 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" +.TH "PKCS11\-DESTROY" "8" "Sep 18, 2009" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +pkcs11\-destroy \- destroy PKCS#11 objects +.SH "SYNOPSIS" +.HP 15 +\fBpkcs11\-destroy\fR [\fB\-m\ \fR\fB\fImodule\fR\fR] [\fB\-s\ \fR\fB\fIslot\fR\fR] {\-i\ \fIID\fR | \-l\ \fIlabel\fR} [\fB\-p\ \fR\fB\fIPIN\fR\fR] +.SH "DESCRIPTION" +.PP +\fBpkcs11\-destroy\fR +destroys keys stored in a PKCS#11 device, identified by their +\fBID\fR +or +\fBlabel\fR. +.PP +Matching keys are displayed before being destroyed. There is a five second delay to allow the user to interrupt the process before the destruction takes place. +.SH "ARGUMENTS" +.PP +\-m \fImodule\fR +.RS 4 +Specify the PKCS#11 provider module. This must be the full path to a shared library object implementing the PKCS#11 API for the device. +.RE +.PP +\-s \fIslot\fR +.RS 4 +Open the session with the given PKCS#11 slot. The default is slot 0. +.RE +.PP +\-i \fIID\fR +.RS 4 +Destroy keys with the given object ID. +.RE +.PP +\-l \fIlabel\fR +.RS 4 +Destroy keys with the given label. +.RE +.PP +\-p \fIPIN\fR +.RS 4 +Specify the PIN for the device. If no PIN is provided on the command line, +\fBpkcs11\-destroy\fR +will prompt for it. +.RE +.SH "SEE ALSO" +.PP +\fBpkcs11\-list\fR(3), +\fBpkcs11\-keygen\fR(3) +.SH "AUTHOR" +.PP +Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/bin/pkcs11/pkcs11-destroy.html b/bin/pkcs11/pkcs11-destroy.html new file mode 100644 index 00000000000..3f0adf4538d --- /dev/null +++ b/bin/pkcs11/pkcs11-destroy.html @@ -0,0 +1,88 @@ + + + + + +pkcs11-destroy + + +
+
+
+

Name

+

pkcs11-destroy — destroy PKCS#11 objects

+
+
+

Synopsis

+

pkcs11-destroy [-m module] [-s slot] { -i ID | -l label } [-p PIN]

+
+
+

DESCRIPTION

+

+ pkcs11-destroy destroys keys stored in a + PKCS#11 device, identified by their ID or + label. +

+

+ Matching keys are displayed before being destroyed. There is a + five second delay to allow the user to interrupt the process + before the destruction takes place. +

+
+
+

ARGUMENTS

+
+
-m module
+

+ Specify the PKCS#11 provider module. This must be the full + path to a shared library object implementing the PKCS#11 API + for the device. +

+
-s slot
+

+ Open the session with the given PKCS#11 slot. The default is + slot 0. +

+
-i ID
+

+ Destroy keys with the given object ID. +

+
-l label
+

+ Destroy keys with the given label. +

+
-p PIN
+

+ Specify the PIN for the device. If no PIN is provided on the + command line, pkcs11-destroy will prompt for it. +

+
+
+
+

SEE ALSO

+

+ pkcs11-list(3), + pkcs11-keygen(3) +

+
+
+

AUTHOR

+

Internet Systems Consortium +

+
+
+ diff --git a/bin/pkcs11/pkcs11-keygen.8 b/bin/pkcs11/pkcs11-keygen.8 new file mode 100644 index 00000000000..db761ad63b6 --- /dev/null +++ b/bin/pkcs11/pkcs11-keygen.8 @@ -0,0 +1,93 @@ +.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") +.\" +.\" Permission to use, copy, modify, and/or distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. +.\" +.\" $Id: pkcs11-keygen.8,v 1.2 2009/10/05 12:11:53 fdupont Exp $ +.\" +.hy 0 +.ad l +.\" Title: pkcs11\-keygen +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.71.1 +.\" Date: Sep 18, 2009 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" +.TH "PKCS11\-KEYGEN" "8" "Sep 18, 2009" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +pkcs11\-keygen \- generate RSA keys on a PKCS#11 device +.SH "SYNOPSIS" +.HP 14 +\fBpkcs11\-keygen\fR [\fB\-P\fR] [\fB\-m\ \fR\fB\fImodule\fR\fR] [\fB\-s\ \fR\fB\fIslot\fR\fR] {\-b\ \fIkeysize\fR} {\-l\ \fIlabel\fR} [\fB\-p\ \fR\fB\fIPIN\fR\fR] +.SH "DESCRIPTION" +.PP +\fBpkcs11\-keygen\fR +causes a PKCS#11 device to generate a new RSA key pair with the specified +\fBlabel\fR +and with +\fBkeysize\fR +bits of modulus. +.SH "ARGUMENTS" +.PP +\-P +.RS 4 +Set the new private key to be non\-sensitive and extractable. The allows the private key data to be read from the PKCS#11 device. The default is for private keys to be sensitive and non\-extractable. +.RE +.PP +\-m \fImodule\fR +.RS 4 +Specify the PKCS#11 provider module. This must be the full path to a shared library object implementing the PKCS#11 API for the device. +.RE +.PP +\-s \fIslot\fR +.RS 4 +Open the session with the given PKCS#11 slot. The default is slot 0. +.RE +.PP +\-b \fIkeysize\fR +.RS 4 +Create the key pair with +\fBkeysize\fR +bits of modulus. +.RE +.PP +\-l \fIlabel\fR +.RS 4 +Create key objects with the given label. +.RE +.PP +\-p \fIPIN\fR +.RS 4 +Specify the PIN for the device. If no PIN is provided on the command line, +\fBpkcs11\-keygen\fR +will prompt for it. +.RE +.SH "SEE ALSO" +.PP +\fBpkcs11\-list\fR(3), +\fBpkcs11\-destroy\fR(3) +.SH "CAVEAT" +.PP +The public exponent is hard\-wired to 65537. +.PP +The command should optionally set the object ID too. +.SH "AUTHOR" +.PP +Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/bin/pkcs11/pkcs11-keygen.html b/bin/pkcs11/pkcs11-keygen.html new file mode 100644 index 00000000000..77410e8633a --- /dev/null +++ b/bin/pkcs11/pkcs11-keygen.html @@ -0,0 +1,96 @@ + + + + + +pkcs11-keygen + + +
+
+
+

Name

+

pkcs11-keygen — generate RSA keys on a PKCS#11 device

+
+
+

Synopsis

+

pkcs11-keygen [-P] [-m module] [-s slot] {-b keysize} {-l label} [-p PIN]

+
+
+

DESCRIPTION

+

+ pkcs11-keygen causes a PKCS#11 device to generate + a new RSA key pair with the specified label and + with keysize bits of modulus. +

+
+
+

ARGUMENTS

+
+
-P
+

+ Set the new private key to be non-sensitive and extractable. + The allows the private key data to be read from the PKCS#11 + device. The default is for private keys to be sensitive and + non-extractable. +

+
-m module
+

+ Specify the PKCS#11 provider module. This must be the full + path to a shared library object implementing the PKCS#11 API + for the device. +

+
-s slot
+

+ Open the session with the given PKCS#11 slot. The default is + slot 0. +

+
-b keysize
+

+ Create the key pair with keysize bits of + modulus. +

+
-l label
+

+ Create key objects with the given label. +

+
-p PIN
+

+ Specify the PIN for the device. If no PIN is provided on the + command line, pkcs11-keygen will prompt for it. +

+
+
+
+

SEE ALSO

+

+ pkcs11-list(3), + pkcs11-destroy(3) +

+
+
+

CAVEAT

+

The public exponent is hard-wired to 65537.

+

The command should optionally set the object ID too.

+
+
+

AUTHOR

+

Internet Systems Consortium +

+
+
+ diff --git a/bin/pkcs11/pkcs11-list.8 b/bin/pkcs11/pkcs11-list.8 new file mode 100644 index 00000000000..dd3f21f8dfa --- /dev/null +++ b/bin/pkcs11/pkcs11-list.8 @@ -0,0 +1,86 @@ +.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") +.\" +.\" Permission to use, copy, modify, and/or distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. +.\" +.\" $Id: pkcs11-list.8,v 1.2 2009/10/05 12:11:53 fdupont Exp $ +.\" +.hy 0 +.ad l +.\" Title: pkcs11\-list +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.71.1 +.\" Date: Sep 18, 2009 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" +.TH "PKCS11\-LIST" "8" "Sep 18, 2009" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +pkcs11\-list \- list PKCS#11 objects +.SH "SYNOPSIS" +.HP 12 +\fBpkcs11\-list\fR [\fB\-P\fR] [\fB\-m\ \fR\fB\fImodule\fR\fR] [\fB\-s\ \fR\fB\fIslot\fR\fR] [\-i\ \fIID\fR] [\-l\ \fIlabel\fR] [\fB\-p\ \fR\fB\fIPIN\fR\fR] +.SH "DESCRIPTION" +.PP +\fBpkcs11\-list\fR +lists the PKCS#11 objects with +\fBID\fR +or +\fBlabel\fR +or by default all objects. +.SH "ARGUMENTS" +.PP +\-P +.RS 4 +List only the public objects. (Note that on some PKCS#11 devices, all objects are private.) +.RE +.PP +\-m \fImodule\fR +.RS 4 +Specify the PKCS#11 provider module. This must be the full path to a shared library object implementing the PKCS#11 API for the device. +.RE +.PP +\-s \fIslot\fR +.RS 4 +Open the session with the given PKCS#11 slot. The default is slot 0. +.RE +.PP +\-i \fIID\fR +.RS 4 +List only key objects with the given object ID. +.RE +.PP +\-l \fIlabel\fR +.RS 4 +List only key objects with the given label. +.RE +.PP +\-p \fIPIN\fR +.RS 4 +Specify the PIN for the device. If no PIN is provided on the command line, +\fBpkcs11\-list\fR +will prompt for it. +.RE +.SH "SEE ALSO" +.PP +\fBpkcs11\-keygen\fR(3), +\fBpkcs11\-destroy\fR(3) +.SH "AUTHOR" +.PP +Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/bin/pkcs11/pkcs11-list.html b/bin/pkcs11/pkcs11-list.html new file mode 100644 index 00000000000..8e8c5ceb2c9 --- /dev/null +++ b/bin/pkcs11/pkcs11-list.html @@ -0,0 +1,88 @@ + + + + + +pkcs11-list + + +
+
+
+

Name

+

pkcs11-list — list PKCS#11 objects

+
+
+

Synopsis

+

pkcs11-list [-P] [-m module] [-s slot] [-i ID] [-l label] [-p PIN]

+
+
+

DESCRIPTION

+

+ pkcs11-list + lists the PKCS#11 objects with ID or + label or by default all objects. +

+
+
+

ARGUMENTS

+
+
-P
+

+ List only the public objects. (Note that on some PKCS#11 + devices, all objects are private.) +

+
-m module
+

+ Specify the PKCS#11 provider module. This must be the full + path to a shared library object implementing the PKCS#11 API + for the device. +

+
-s slot
+

+ Open the session with the given PKCS#11 slot. The default is + slot 0. +

+
-i ID
+

+ List only key objects with the given object ID. +

+
-l label
+

+ List only key objects with the given label. +

+
-p PIN
+

+ Specify the PIN for the device. If no PIN is provided on the + command line, pkcs11-list will prompt for it. +

+
+
+
+

SEE ALSO

+

+ pkcs11-keygen(3), + pkcs11-destroy(3) +

+
+
+

AUTHOR

+

Internet Systems Consortium +

+
+
+ diff --git a/configure b/configure index 97cb06f8f89..96a47c54bcb 100755 --- a/configure +++ b/configure @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. # -# $Id: configure,v 1.467 2009/10/02 06:28:27 marka Exp $ +# $Id: configure,v 1.468 2009/10/05 12:09:35 fdupont Exp $ # # Portions Copyright (C) 1996-2001 Nominum, Inc. # @@ -29,7 +29,7 @@ # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT # OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# From configure.in Revision: 1.481 . +# From configure.in Revision: 1.482 . # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.61. # @@ -896,6 +896,8 @@ DST_OPENSSL_INC ISC_PLATFORM_OPENSSLHASH ISC_OPENSSL_INC USE_PKCS11 +PKCS11_PROVIDER +PKCS11_TOOLS ISC_PLATFORM_HAVEGSSAPI ISC_PLATFORM_GSSAPIHEADER USE_GSSAPI @@ -1679,7 +1681,8 @@ Optional Packages: --with-tags[=TAGS] include additional configurations [automatic] --with-openssl=PATH Build with OpenSSL yes|no|path. (Required for DNSSEC) - --with-pkcs11 Build with PKCS11 support + --with-pkcs11=PATH Build with PKCS11 support yes|no|path + (PATH is for the PKCS11 provider) --with-gssapi=PATH Specify path for system-supplied GSSAPI --with-randomdev=PATH Specify path for random device --with-ptl2 on NetBSD, use the ptl2 thread library (experimental) @@ -3957,7 +3960,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 3960 "configure"' > conftest.$ac_ext + echo '#line 3963 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -6905,11 +6908,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:6908: $lt_compile\"" >&5) + (eval echo "\"\$as_me:6911: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:6912: \$? = $ac_status" >&5 + echo "$as_me:6915: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -7195,11 +7198,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:7198: $lt_compile\"" >&5) + (eval echo "\"\$as_me:7201: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:7202: \$? = $ac_status" >&5 + echo "$as_me:7205: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -7299,11 +7302,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:7302: $lt_compile\"" >&5) + (eval echo "\"\$as_me:7305: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:7306: \$? = $ac_status" >&5 + echo "$as_me:7309: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -9663,7 +9666,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5) + (eval echo "\"\$as_me:12174: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:12175: \$? = $ac_status" >&5 + echo "$as_me:12178: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -12272,11 +12275,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:12275: $lt_compile\"" >&5) + (eval echo "\"\$as_me:12278: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:12279: \$? = $ac_status" >&5 + echo "$as_me:12282: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -13855,11 +13858,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13858: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13861: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:13862: \$? = $ac_status" >&5 + echo "$as_me:13865: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -13959,11 +13962,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13962: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13965: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:13966: \$? = $ac_status" >&5 + echo "$as_me:13969: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -16170,11 +16173,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:16173: $lt_compile\"" >&5) + (eval echo "\"\$as_me:16176: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:16177: \$? = $ac_status" >&5 + echo "$as_me:16180: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -16460,11 +16463,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:16463: $lt_compile\"" >&5) + (eval echo "\"\$as_me:16466: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:16467: \$? = $ac_status" >&5 + echo "$as_me:16470: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -16564,11 +16567,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:16567: $lt_compile\"" >&5) + (eval echo "\"\$as_me:16570: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:16571: \$? = $ac_status" >&5 + echo "$as_me:16574: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -22843,19 +22846,19 @@ echo $ECHO_N "checking for PKCS11 support... $ECHO_C" >&6; } # Check whether --with-pkcs11 was given. if test "${with_pkcs11+set}" = set; then - withval=$with_pkcs11; use_pkcs11="yes" + withval=$with_pkcs11; use_pkcs11="$withval" else use_pkcs11="no" fi case "$use_pkcs11" in - no) + no|'') { echo "$as_me:$LINENO: result: disabled" >&5 echo "${ECHO_T}disabled" >&6; } - USE_PKCS11="" + USE_PKCS11='' ;; - yes) + yes|*) { echo "$as_me:$LINENO: result: using OpenSSL with PKCS11 support" >&5 echo "${ECHO_T}using OpenSSL with PKCS11 support" >&6; } USE_PKCS11='-DUSE_PKCS11' @@ -22863,6 +22866,24 @@ echo "${ECHO_T}using OpenSSL with PKCS11 support" >&6; } esac +{ echo "$as_me:$LINENO: checking for PKCS11 tools" >&5 +echo $ECHO_N "checking for PKCS11 tools... $ECHO_C" >&6; } +case "$use_pkcs11" in + no|yes|'') + { echo "$as_me:$LINENO: result: disabled" >&5 +echo "${ECHO_T}disabled" >&6; } + PKCS11_PROVIDER="undefined" + PKCS11_TOOLS='' + ;; + *) + { echo "$as_me:$LINENO: result: PKCS11 provider is \"$use_pkcs11\"" >&5 +echo "${ECHO_T}PKCS11 provider is \"$use_pkcs11\"" >&6; } + PKCS11_PROVIDER="$use_pkcs11" + PKCS11_TOOLS=pkcs11 + ;; +esac + + { echo "$as_me:$LINENO: checking for GSSAPI library" >&5 echo $ECHO_N "checking for GSSAPI library... $ECHO_C" >&6; } @@ -33281,7 +33302,7 @@ ac_config_commands="$ac_config_commands chmod" # elsewhere if there's a good reason for doing so. # -ac_config_files="$ac_config_files Makefile make/Makefile make/mkdep lib/Makefile lib/isc/Makefile lib/isc/include/Makefile lib/isc/include/isc/Makefile lib/isc/include/isc/platform.h lib/isc/unix/Makefile lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isc/nls/Makefile lib/isc/$thread_dir/Makefile lib/isc/$thread_dir/include/Makefile lib/isc/$thread_dir/include/isc/Makefile lib/isc/$arch/Makefile lib/isc/$arch/include/Makefile lib/isc/$arch/include/isc/Makefile lib/isccc/Makefile lib/isccc/include/Makefile lib/isccc/include/isccc/Makefile lib/isccfg/Makefile lib/isccfg/include/Makefile lib/isccfg/include/isccfg/Makefile lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile lib/irs/include/irs/netdb.h lib/irs/include/irs/platform.h lib/dns/Makefile lib/dns/include/Makefile lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/export/Makefile lib/export/isc/Makefile lib/export/isc/include/Makefile lib/export/isc/include/isc/Makefile lib/export/isc/unix/Makefile lib/export/isc/unix/include/Makefile lib/export/isc/unix/include/isc/Makefile lib/export/isc/nls/Makefile lib/export/isc/$thread_dir/Makefile lib/export/isc/$thread_dir/include/Makefile lib/export/isc/$thread_dir/include/isc/Makefile lib/export/dns/Makefile lib/export/dns/include/Makefile lib/export/dns/include/dns/Makefile lib/export/dns/include/dst/Makefile lib/export/irs/Makefile lib/export/irs/include/Makefile lib/export/irs/include/irs/Makefile lib/export/isccfg/Makefile lib/export/isccfg/include/Makefile lib/export/isccfg/include/isccfg/Makefile lib/export/samples/Makefile lib/export/samples/Makefile-postinstall lib/bind9/Makefile lib/bind9/include/Makefile lib/bind9/include/bind9/Makefile lib/lwres/Makefile lib/lwres/include/Makefile lib/lwres/include/lwres/Makefile lib/lwres/include/lwres/netdb.h lib/lwres/include/lwres/platform.h lib/lwres/man/Makefile lib/lwres/unix/Makefile lib/lwres/unix/include/Makefile lib/lwres/unix/include/lwres/Makefile lib/tests/Makefile lib/tests/include/Makefile lib/tests/include/tests/Makefile bin/Makefile bin/check/Makefile bin/confgen/Makefile bin/confgen/unix/Makefile bin/named/Makefile bin/named/unix/Makefile bin/rndc/Makefile bin/dig/Makefile bin/nsupdate/Makefile bin/tests/Makefile bin/tests/names/Makefile bin/tests/master/Makefile bin/tests/rbt/Makefile bin/tests/db/Makefile bin/tests/tasks/Makefile bin/tests/timers/Makefile bin/tests/dst/Makefile bin/tests/mem/Makefile bin/tests/net/Makefile bin/tests/sockaddr/Makefile bin/tests/system/Makefile bin/tests/system/conf.sh bin/tests/system/lwresd/Makefile bin/tests/system/tkey/Makefile bin/tests/headerdep_test.sh bin/tools/Makefile bin/dnssec/Makefile doc/Makefile doc/arm/Makefile doc/misc/Makefile isc-config.sh doc/xsl/Makefile doc/xsl/isc-docbook-chunk.xsl doc/xsl/isc-docbook-html.xsl doc/xsl/isc-docbook-latex.xsl doc/xsl/isc-manpage.xsl doc/doxygen/Doxyfile doc/doxygen/Makefile doc/doxygen/doxygen-input-filter" +ac_config_files="$ac_config_files Makefile make/Makefile make/mkdep lib/Makefile lib/isc/Makefile lib/isc/include/Makefile lib/isc/include/isc/Makefile lib/isc/include/isc/platform.h lib/isc/unix/Makefile lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isc/nls/Makefile lib/isc/$thread_dir/Makefile lib/isc/$thread_dir/include/Makefile lib/isc/$thread_dir/include/isc/Makefile lib/isc/$arch/Makefile lib/isc/$arch/include/Makefile lib/isc/$arch/include/isc/Makefile lib/isccc/Makefile lib/isccc/include/Makefile lib/isccc/include/isccc/Makefile lib/isccfg/Makefile lib/isccfg/include/Makefile lib/isccfg/include/isccfg/Makefile lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile lib/irs/include/irs/netdb.h lib/irs/include/irs/platform.h lib/dns/Makefile lib/dns/include/Makefile lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/export/Makefile lib/export/isc/Makefile lib/export/isc/include/Makefile lib/export/isc/include/isc/Makefile lib/export/isc/unix/Makefile lib/export/isc/unix/include/Makefile lib/export/isc/unix/include/isc/Makefile lib/export/isc/nls/Makefile lib/export/isc/$thread_dir/Makefile lib/export/isc/$thread_dir/include/Makefile lib/export/isc/$thread_dir/include/isc/Makefile lib/export/dns/Makefile lib/export/dns/include/Makefile lib/export/dns/include/dns/Makefile lib/export/dns/include/dst/Makefile lib/export/irs/Makefile lib/export/irs/include/Makefile lib/export/irs/include/irs/Makefile lib/export/isccfg/Makefile lib/export/isccfg/include/Makefile lib/export/isccfg/include/isccfg/Makefile lib/export/samples/Makefile lib/export/samples/Makefile-postinstall lib/bind9/Makefile lib/bind9/include/Makefile lib/bind9/include/bind9/Makefile lib/lwres/Makefile lib/lwres/include/Makefile lib/lwres/include/lwres/Makefile lib/lwres/include/lwres/netdb.h lib/lwres/include/lwres/platform.h lib/lwres/man/Makefile lib/lwres/unix/Makefile lib/lwres/unix/include/Makefile lib/lwres/unix/include/lwres/Makefile lib/tests/Makefile lib/tests/include/Makefile lib/tests/include/tests/Makefile bin/Makefile bin/check/Makefile bin/confgen/Makefile bin/confgen/unix/Makefile bin/named/Makefile bin/named/unix/Makefile bin/rndc/Makefile bin/dig/Makefile bin/nsupdate/Makefile bin/tests/Makefile bin/tests/names/Makefile bin/tests/master/Makefile bin/tests/rbt/Makefile bin/tests/db/Makefile bin/tests/tasks/Makefile bin/tests/timers/Makefile bin/tests/dst/Makefile bin/tests/mem/Makefile bin/tests/net/Makefile bin/tests/sockaddr/Makefile bin/tests/system/Makefile bin/tests/system/conf.sh bin/tests/system/lwresd/Makefile bin/tests/system/tkey/Makefile bin/tests/headerdep_test.sh bin/tools/Makefile bin/dnssec/Makefile bin/pkcs11/Makefile doc/Makefile doc/arm/Makefile doc/misc/Makefile isc-config.sh doc/xsl/Makefile doc/xsl/isc-docbook-chunk.xsl doc/xsl/isc-docbook-html.xsl doc/xsl/isc-docbook-latex.xsl doc/xsl/isc-manpage.xsl doc/doxygen/Doxyfile doc/doxygen/Makefile doc/doxygen/doxygen-input-filter" # @@ -33949,6 +33970,7 @@ do "bin/tests/headerdep_test.sh") CONFIG_FILES="$CONFIG_FILES bin/tests/headerdep_test.sh" ;; "bin/tools/Makefile") CONFIG_FILES="$CONFIG_FILES bin/tools/Makefile" ;; "bin/dnssec/Makefile") CONFIG_FILES="$CONFIG_FILES bin/dnssec/Makefile" ;; + "bin/pkcs11/Makefile") CONFIG_FILES="$CONFIG_FILES bin/pkcs11/Makefile" ;; "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; "doc/arm/Makefile") CONFIG_FILES="$CONFIG_FILES doc/arm/Makefile" ;; "doc/misc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/misc/Makefile" ;; @@ -34207,6 +34229,8 @@ DST_OPENSSL_INC!$DST_OPENSSL_INC$ac_delim ISC_PLATFORM_OPENSSLHASH!$ISC_PLATFORM_OPENSSLHASH$ac_delim ISC_OPENSSL_INC!$ISC_OPENSSL_INC$ac_delim USE_PKCS11!$USE_PKCS11$ac_delim +PKCS11_PROVIDER!$PKCS11_PROVIDER$ac_delim +PKCS11_TOOLS!$PKCS11_TOOLS$ac_delim ISC_PLATFORM_HAVEGSSAPI!$ISC_PLATFORM_HAVEGSSAPI$ac_delim ISC_PLATFORM_GSSAPIHEADER!$ISC_PLATFORM_GSSAPIHEADER$ac_delim USE_GSSAPI!$USE_GSSAPI$ac_delim @@ -34271,8 +34295,6 @@ ISC_IRS_NEEDADDRINFO!$ISC_IRS_NEEDADDRINFO$ac_delim ISC_LWRES_NEEDRRSETINFO!$ISC_LWRES_NEEDRRSETINFO$ac_delim ISC_LWRES_SETHOSTENTINT!$ISC_LWRES_SETHOSTENTINT$ac_delim ISC_LWRES_ENDHOSTENTINT!$ISC_LWRES_ENDHOSTENTINT$ac_delim -ISC_LWRES_GETNETBYADDRINADDR!$ISC_LWRES_GETNETBYADDRINADDR$ac_delim -ISC_LWRES_SETNETENTINT!$ISC_LWRES_SETNETENTINT$ac_delim _ACEOF if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then @@ -34314,6 +34336,8 @@ _ACEOF ac_delim='%!_!# ' for ac_last_try in false false false false false :; do cat >conf$$subs.sed <<_ACEOF +ISC_LWRES_GETNETBYADDRINADDR!$ISC_LWRES_GETNETBYADDRINADDR$ac_delim +ISC_LWRES_SETNETENTINT!$ISC_LWRES_SETNETENTINT$ac_delim ISC_LWRES_ENDNETENTINT!$ISC_LWRES_ENDNETENTINT$ac_delim ISC_LWRES_GETHOSTBYADDRVOID!$ISC_LWRES_GETHOSTBYADDRVOID$ac_delim ISC_LWRES_NEEDHERRNO!$ISC_LWRES_NEEDHERRNO$ac_delim @@ -34398,7 +34422,7 @@ LIBOBJS!$LIBOBJS$ac_delim LTLIBOBJS!$LTLIBOBJS$ac_delim _ACEOF - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 82; then + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 84; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5