Dead code guarded by PK11_RSA_PKCS_REPLACE in pkcs11rsa_link.c
PK11_RSA_PKCS_REPLACE
is not defined in configure
or described in documentation and is therefore invisible for the user on main
and v9_16
.
In v9_11
one might set it via ./configure --enable-native-pkcs11 --with-pkcs11=/opt/Keyper/PKCS11Provider/pkcs11.so
(see configure.ac
, line 2324), which sets -DPK11_FLAVOR=PK11_AEP_FLAVOR
, which in lib/isc/include/pk11/site.h
via #if PK11_FLAVOR == PK11_AEP_FLAVOR
defines PK11_RSA_PKCS_REPLACE
.
#else /* ifndef PK11_RSA_PKCS_REPLACE */
blocks in lib/dns/pkcs11rsa_link.c
are either dead code forgotten when OpenSSL was made mandatory with c3b8130f in v9_13_3
and thus should be dropped, made available by configure
, or the least documented in e.g. OPTIONS.md
.