Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Mar 21, 2024 at 12:15:43PM +0100, Dmitry Belyavskiy wrote:
> Dear Jun,
> 
> 
> 
> On Thu, Mar 21, 2024 at 11:04 AM Jun Aruga (he / him) <jaruga@xxxxxxxxxx>
> wrote:
> 
> > On Wed, Mar 20, 2024 at 2:36 PM Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx>
> > wrote:
> > >
> > ...
> > >> > == Detailed Description ==
> > >> > We are going to build OpenSSL without engine support. Engines are not
> > >> > FIPS compatible and corresponding API is deprecated since OpenSSL 3.0.
> > >> > The engine functionality we are aware of (PKCS#11, TPM) is either
> > >> > covered by providers or will be covered soon.
> > >>
> > >> "will be covered soon"
> > >>
> > >> ... so lets wait until that work is actually complete before
> > >> removing this from openssl, otherwise there's a window of
> > >> brokenness in Fedora where the old feature is removed and
> > >> the new feature is not ready.
> > >
> > >
> > > I am not going to land this change until the tpm2 provider is landed in
> > Fedora.
> > > But the affected packages must start prepare to this change as early as
> > possible.
> >
> > Hi Dmitry,
> > Could you provide the upstream OpenSSL project's issue ticket(s) or
> > pull-request(s) about the feature adding or updating the providers to
> > cover all the functionalities that engines have?
> > I would like to track the progress of the work.
> >
> 
> I'm quite surprised.
> I'm pretty sure that providers cover all the functionalities that engines
> have.
> (It doesn't mean that for each an every engine exists a 1:1 replacing
> provider, but it's a question to the authors of these engines)
> 
> If you are aware of any deficiencies, could you please let upstream or me
> know?

https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/MUFNAZT3IIVWPAYVNHP72SRL4XTKJRTY/
?

Zbyszek
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux