upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-28 04:21:07 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add deprecation notice about --enable-native-pkcs11 to configure.ac

Browse source 
The native PKCS#11 feature has been removed in BIND 9.18, so we need to
add a deprecation notice (warning at ./configure time) to the next 9.16
release.
This commit is contained in:
Ondřej Surý 2021-09-09 22:13:36 +02:00
parent ca521b3824
commit 6cf86cc75b
2 changed files with 26 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
configure vendored
View file

@ -26364,6 +26364,19 @@ report() {
test "$CRYPTO" = "pkcs11" && (
echo " Using PKCS#11 for Public-Key Cryptography (--with-native-pkcs11)"
echo " PKCS#11 module (--with-pkcs11): $with_pkcs11"
echo " +--------------------------------------------+"
echo " | ==== WARNING ==== |"
echo " | |"
echo " | The use of native PKCS#11 for Public-Key |"
echo " | Cryptography in BIND 9 has been deprecated |"
echo " | in favor of OpenSSL engine_pkcs11 from the |"
echo " | OpenSC project. The --with-native-pkcs11 |"
echo " | configuration option will be removed from |"
echo " | the next major BIND 9 release. The option |"
echo " | to use the engine_pkcs11 OpenSSL engine is |"
echo " | already available in BIND 9; please see |"
echo " | the ARM section on PKCS#11 for details. |"
echo " +--------------------------------------------+"
)
echo " Dynamically loadable zone (DLZ) drivers:"

13
configure.ac
View file

@ -2991,6 +2991,19 @@ report() {
test "$CRYPTO" = "pkcs11" && (
echo " Using PKCS#11 for Public-Key Cryptography (--with-native-pkcs11)"
echo " PKCS#11 module (--with-pkcs11): $with_pkcs11"
echo " +--------------------------------------------+"
echo " | ==== WARNING ==== |"
echo " | |"
echo " | The use of native PKCS#11 for Public-Key |"
echo " | Cryptography in BIND 9 has been deprecated |"
echo " | in favor of OpenSSL engine_pkcs11 from the |"
echo " | OpenSC project. The --with-native-pkcs11 |"
echo " | configuration option will be removed from |"
echo " | the next major BIND 9 release. The option |"
echo " | to use the engine_pkcs11 OpenSSL engine is |"
echo " | already available in BIND 9; please see |"
echo " | the ARM section on PKCS#11 for details. |"
echo " +--------------------------------------------+"
)
echo " Dynamically loadable zone (DLZ) drivers:"