On Wed, Mar 20, 2024 at 2:36 PM Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> wrote: > ... >> > == Detailed Description == >> > We are going to build OpenSSL without engine support. Engines are not >> > FIPS compatible and corresponding API is deprecated since OpenSSL 3.0. >> > The engine functionality we are aware of (PKCS#11, TPM) is either >> > covered by providers or will be covered soon. >> >> "will be covered soon" >> >> ... so lets wait until that work is actually complete before >> removing this from openssl, otherwise there's a window of >> brokenness in Fedora where the old feature is removed and >> the new feature is not ready. > > > I am not going to land this change until the tpm2 provider is landed in Fedora. > But the affected packages must start prepare to this change as early as possible. Hi Dmitry, Could you provide the upstream OpenSSL project's issue ticket(s) or pull-request(s) about the feature adding or updating the providers to cover all the functionalities that engines have? I would like to track the progress of the work. Jun -- Jun | He - Him | Timezone: UTC+1 or 2, Czech Republic See <https://www.worldtimebuddy.com/czech-republic-prague-to-utc> for the timezone. -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
