On Mon, Sep 20, 2021 at 09:52:55PM +0000, Aleksander Adamowski wrote: > On Mon, Sep 20, 2021 at 2:19 PM, Eric Biggers wrote: > > > Aleksander: there still shouldn't be any compiler warnings. In my test script > > (scripts/run-tests.sh) I actually use -Werror. If there isn't a good way to > > avoid these deprecation warnings (and I'd prefer not to have code that's > > conditional on different OpenSSL versions), we can just add > > -Wno-deprecated-declarations to the Makefile for now. > > I think -Wno-deprecated-declarations is the best option for now. > > I took a few looks around and the community isn't ready for OpenSSL 3.0 just > yet with PKCS#11 support. > > The release happened just 2 weeks ago. > > Projects like libp11 (https://github.com/OpenSC/libp11), the PKCS#11 engine > implementation for OpenSSL, haven't yet caught up to that fact - there's no > trace of discussion about migrating to the Providers API anywhere on their > mailing lists or issue tracker. > > The official OpenSSL release does not come with a PKCS#11 provider, and it only > acknowledges a potential future existence of such in a single sentence in their > design doc (https://www.openssl.org/docs/OpenSSL300Design.html): > > "For example a PKCS#11 provider may opt out of caching because its algorithms > may become available and unavailable over time." > > Since this is a completely new, redesigned API, I expect it to take some time > before alternatives to existing Engine-based implementations arise. I've pushed out a change which adds -Wno-deprecated-declarations. Tomasz, I'd still appreciate any details on what actually caused the test programs to not build for you, as I can't reproduce it myself. - Eric
|