Barry writes:
> The biggest frustration is openssl 3. Once again there are backwards- incompatible API changes, with little if none documentation, or direction. I wasted half of my weekend trying to figure out WTF needs to be done to make stuff work again. This time, it's not even a compilation issue. Things will compile. Just not work. Frustrating.I have not needed to port to openssl 3 yet myself but I am sure I found detailed docs on the openssl site about how to port to 3 from 1.1. If you have not looked there it is worthy searching for that resource.
I found something to that effect, and it was only partially helpful, and full of dead-ends. Here's an example. If the code was using EVP_des_cbc() it'll still comple, but fail at run time. The migration guide talks up a storm about replacement functions, that take a bunch of additional parameters. Trying to use them will produce the same result.
Reading between the lines, and putting together clues from different places you'll eventually figure out that you'll need to shove
OSSL_PROVIDER_load(NULL, "legacy");as the first order of business in your main(). At this point, if the code was also using more high level APIs, they'll all break. Until you figure out that you also have to add
OSSL_PROVIDER_load(NULL, "default");as well. Now everything works. And, you'll discover that the original EVP_des_cbc() now miraculously come alive, and the replacement API didn't buy you anything.
I don't even remember exactly how I figured out how to replace PEM_read_bio_DHparams with a combination of OSSL_LIB_CTX_get0_global_default(), PEM_read_bio_Parameters_ex(), and a handful of assorted EVP_PKEY*-based logic. I don't recall finding that in a single migration guide, but rather a bunch of Google searches.
Contrast and compare with the autotools updates, which were just as disruptive. But they didn't require a migration guide. autoupdate threw back at me a laundry list of obsoleted function and exactly what to do about them, and there were more breadcrumbs in the rewritten configure.ac-s.
Attachment:
pgpgzWpChV2mE.pgp
Description: PGP signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure