Dear Jun,
On Thu, Mar 21, 2024 at 11:04 AM Jun Aruga (he / him) <jaruga@xxxxxxxxxx> wrote:
On Wed, Mar 20, 2024 at 2:36 PM Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> wrote:
>
...
>> > == Detailed Description ==
>> > We are going to build OpenSSL without engine support. Engines are not
>> > FIPS compatible and corresponding API is deprecated since OpenSSL 3.0.
>> > The engine functionality we are aware of (PKCS#11, TPM) is either
>> > covered by providers or will be covered soon.
>>
>> "will be covered soon"
>>
>> ... so lets wait until that work is actually complete before
>> removing this from openssl, otherwise there's a window of
>> brokenness in Fedora where the old feature is removed and
>> the new feature is not ready.
>
>
> I am not going to land this change until the tpm2 provider is landed in Fedora.
> But the affected packages must start prepare to this change as early as possible.
Hi Dmitry,
Could you provide the upstream OpenSSL project's issue ticket(s) or
pull-request(s) about the feature adding or updating the providers to
cover all the functionalities that engines have?
I would like to track the progress of the work.
I'm quite surprised.
I'm pretty sure that providers cover all the functionalities that engines have.
(It doesn't mean that for each an every engine exists a 1:1 replacing provider, but it's a question to the authors of these engines)
If you are aware of any deficiencies, could you please let upstream or me know?
Dmitry Belyavskiy
-- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue