tsig test failing with native-pkcs11
The tsig system test fails when BIND is built with --enable-native-pkcs11
using SoftHSMv2.
I:tsig:check that multiple dnssec-keygen calls don't emit dns_dnssec_findmatchingkeys warning
I:tsig:failed
This may be a problem with generating DH keys. The dnssec-keygen
output looks like this:
dnssec-keygen: warning: pkcs11dh_link.c:458: pkcs_C_GenerateKey: Error = 0x00000005
dnssec-keygen: fatal: failed to generate key example.net/DH: crypto failure