hi, On Wed, Nov 20, 2024 at 11:09 AM Clemens Lang <cllang@xxxxxxxxxx> wrote: > > Hi, > > > On 19. Nov 2024, at 17:47, Arthur Bols <arthur@xxxxxxxx> wrote: > > > > A few days ago pkcs11-provider-0.5-3.fc41 update was pushed to Fedora 41. Unfortunately, this update breaks eduroam and possibly many other WPA2-Enterprise wifi networks. There are multiple threads on Fedora Discussion, mainly [0], and a bug report [1]. > > > > I understand that the maintainers implemented this change with the best intentions, however, could someone clarify why this provider was enabled so abruptly in this update? Wouldn’t such a change typically require a change proposal? Given how many users are affected, would it make sense to consider rolling back the update until there’s a fix? > > I think the bug can be fixed in wpa_supplicant, but until that happens, users should just uninstall pkcs11-provider. > > The idea here was to auto-enable pkcs11-provider when it is installed, which still makes sense to me. The issue here I think is that many people ended up with pkcs11-provider installed because of a recommendation. We should remove that recommendation, most users don’t need pcks11-provider installed. I'm trying a setup right now, to understand what's happening. wpa_supplicant does not need pkcs11-provider *at the moment*, because it uses engine API for pkcs11 (and that is going to be a problem in the future for EAP-TLS with pkcs11, if engine disappears from openssl). However, it loads the legacy provider at startup, because it's needed for MSCHAPv2 in the inner authentication. -- davide -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue