hi, On Wed, Nov 20, 2024 at 11:09 AM Clemens Lang <cll...@redhat.com> wrote: > > Hi, > > > On 19. Nov 2024, at 17:47, Arthur Bols <art...@bols.dev> wrote: > > > > A few days ago pkcs11-provider-0.5-3.fc41 update was pushed to Fedora 41. > > Unfortunately, this update breaks eduroam and possibly many other > > WPA2-Enterprise wifi networks. There are multiple threads on Fedora > > Discussion, mainly [0], and a bug report [1]. > > > > I understand that the maintainers implemented this change with the best > > intentions, however, could someone clarify why this provider was enabled so > > abruptly in this update? Wouldn’t such a change typically require a change > > proposal? Given how many users are affected, would it make sense to > > consider rolling back the update until there’s a fix? > > I think the bug can be fixed in wpa_supplicant, but until that happens, users > should just uninstall pkcs11-provider. > > The idea here was to auto-enable pkcs11-provider when it is installed, which > still makes sense to me. The issue here I think is that many people ended up > with pkcs11-provider installed because of a recommendation. We should remove > that recommendation, most users don’t need pcks11-provider installed.
I'm trying a setup right now, to understand what's happening. wpa_supplicant does not need pkcs11-provider *at the moment*, because it uses engine API for pkcs11 (and that is going to be a problem in the future for EAP-TLS with pkcs11, if engine disappears from openssl). However, it loads the legacy provider at startup, because it's needed for MSCHAPv2 in the inner authentication. -- davide -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
