On Thu, Mar 21, 2024 at 12:15:43PM +0100, Dmitry Belyavskiy wrote: > Dear Jun, > > > > On Thu, Mar 21, 2024 at 11:04 AM Jun Aruga (he / him) <jar...@redhat.com> > wrote: > > > On Wed, Mar 20, 2024 at 2:36 PM Dmitry Belyavskiy <dbely...@redhat.com> > > wrote: > > > > > ... > > >> > == Detailed Description == > > >> > We are going to build OpenSSL without engine support. Engines are not > > >> > FIPS compatible and corresponding API is deprecated since OpenSSL 3.0. > > >> > The engine functionality we are aware of (PKCS#11, TPM) is either > > >> > covered by providers or will be covered soon. > > >> > > >> "will be covered soon" > > >> > > >> ... so lets wait until that work is actually complete before > > >> removing this from openssl, otherwise there's a window of > > >> brokenness in Fedora where the old feature is removed and > > >> the new feature is not ready. > > > > > > > > > I am not going to land this change until the tpm2 provider is landed in > > Fedora. > > > But the affected packages must start prepare to this change as early as > > possible. > > > > Hi Dmitry, > > Could you provide the upstream OpenSSL project's issue ticket(s) or > > pull-request(s) about the feature adding or updating the providers to > > cover all the functionalities that engines have? > > I would like to track the progress of the work. > > > > I'm quite surprised. > I'm pretty sure that providers cover all the functionalities that engines > have. > (It doesn't mean that for each an every engine exists a 1:1 replacing > provider, but it's a question to the authors of these engines) > > If you are aware of any deficiencies, could you please let upstream or me > know?
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/MUFNAZT3IIVWPAYVNHP72SRL4XTKJRTY/ ? Zbyszek -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
