Dear Jun,
On Thu, Mar 21, 2024 at 11:04 AM Jun Aruga (he / him) <jar...@redhat.com> wrote: > On Wed, Mar 20, 2024 at 2:36 PM Dmitry Belyavskiy <dbely...@redhat.com> > wrote: > > > ... > >> > == Detailed Description == > >> > We are going to build OpenSSL without engine support. Engines are not > >> > FIPS compatible and corresponding API is deprecated since OpenSSL 3.0. > >> > The engine functionality we are aware of (PKCS#11, TPM) is either > >> > covered by providers or will be covered soon. > >> > >> "will be covered soon" > >> > >> ... so lets wait until that work is actually complete before > >> removing this from openssl, otherwise there's a window of > >> brokenness in Fedora where the old feature is removed and > >> the new feature is not ready. > > > > > > I am not going to land this change until the tpm2 provider is landed in > Fedora. > > But the affected packages must start prepare to this change as early as > possible. > > Hi Dmitry, > Could you provide the upstream OpenSSL project's issue ticket(s) or > pull-request(s) about the feature adding or updating the providers to > cover all the functionalities that engines have? > I would like to track the progress of the work. > I'm quite surprised. I'm pretty sure that providers cover all the functionalities that engines have. (It doesn't mean that for each an every engine exists a 1:1 replacing provider, but it's a question to the authors of these engines) If you are aware of any deficiencies, could you please let upstream or me know? -- Dmitry Belyavskiy
-- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
