ISC Open Source Projects / BIND / Issues / #830
Issue created Jan 23, 2019 by Cathy Almond (@cathya, Developer)

dnssec-keyfromlabel error "pk11.c:564: fatal error: pkcs_C_Login: Error = 0x000000A0" could be more helpful

The problem in this instance was that the pin code was incorrect. But at this point the problem could have been several - for example that the pkcs#11 library wasn't accessible or something like that. After heading off on the wrong track for quite some time, we eventually uncovered where the issue was.

# dnssec-keyfromlabel -v 5 -a RSASHA256 -l 'pkcs11:pin-source=/etc/named/hsmpin;object=sample_ksk' -K /etc/named/keys -f KSK example.com
pk11.c:564: fatal error: pkcs_C_Login: Error = 0x000000A0

I suspect that it's out of our hands to be able to interpret an error passed back to us by another lib, but what might be more helpful could be a summary of how far dnssec-keyfromlabel had got, so we know where not to look for the problem and maybe some suggestions for further troubleshooting?

In the above example, the PKCS#11 provider libs had been loaded OK, but the pin was wrong. Perhaps the error could indicate what the BIND code was trying to do (at a higher level) when it all went wrong?

(From Support ticket #14117)
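
An operator-side triage helper for the kind of line quoted in this issue, added here as an example (it is not part of the issue and not BIND code). It decodes the `CK_RV` value using names from the PKCS#11 specification and reports which Cryptoki calls would already have succeeded; the call order in `STAGES` and the `pkcs_` prefix on calls other than `C_Login` are assumptions.

```python
import re

# Subset of CK_RV return values defined by the PKCS#11 specification (pkcs11t.h).
CKR = {
    0x03: "CKR_SLOT_ID_INVALID",
    0x05: "CKR_GENERAL_ERROR",
    0x30: "CKR_DEVICE_ERROR",
    0xA0: "CKR_PIN_INCORRECT",
    0xA1: "CKR_PIN_INVALID",
    0xA2: "CKR_PIN_LEN_RANGE",
    0xA3: "CKR_PIN_EXPIRED",
    0xA4: "CKR_PIN_LOCKED",
    0xE0: "CKR_TOKEN_NOT_PRESENT",
    0x100: "CKR_USER_ALREADY_LOGGED_IN",
    0x102: "CKR_USER_PIN_NOT_INITIALIZED",
}

# Assumed order of Cryptoki calls before a key lookup (typical usage,
# not read from the BIND source).
STAGES = ["C_Initialize", "C_OpenSession", "C_Login", "C_FindObjectsInit"]

# Matches e.g. "pk11.c:564: fatal error: pkcs_C_Login: Error = 0x000000A0"
LINE = re.compile(r"^(?P<src>[\w.]+):(?P<line>\d+): fatal error: "
                  r"pkcs_(?P<func>C_\w+): Error = 0x(?P<rv>[0-9A-Fa-f]+)$")

def triage(log_line):
    """Return a dict describing the failure, or None if the line does not match."""
    m = LINE.match(log_line.strip())
    if m is None:
        return None
    rv, func = int(m.group("rv"), 16), m.group("func")
    done = STAGES[:STAGES.index(func)] if func in STAGES else []
    return {"failed_call": func, "rv": rv,
            "name": CKR.get(rv, "unknown CK_RV, look it up in pkcs11t.h"),
            "completed_before": done,
            "pin_related": 0xA0 <= rv <= 0xA4 or rv == 0x102}

def describe(log_line):
    """One-line summary of how far the tool got and where to look next."""
    t = triage(log_line)
    if t is None:
        return "not a pk11 fatal error line"
    got = ", ".join(t["completed_before"]) or "nothing confirmed"
    hint = ("check the PIN supplied via pin-source" if t["pin_related"]
            else "check provider library, slot and token state")
    return f'{t["failed_call"]} failed with {t["name"]}; succeeded before: {got}; {hint}'

if __name__ == "__main__":
    print(describe("pk11.c:564: fatal error: pkcs_C_Login: Error = 0x000000A0"))
```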
