On Wed, Nov 20, 2024 at 11:38 AM Davide Caratti <dcara...@redhat.com> wrote:
> hi, > > On Wed, Nov 20, 2024 at 11:09 AM Clemens Lang <cll...@redhat.com> wrote: > > > > Hi, > > > > > On 19. Nov 2024, at 17:47, Arthur Bols <art...@bols.dev> wrote: > > > > > > A few days ago pkcs11-provider-0.5-3.fc41 update was pushed to Fedora > 41. Unfortunately, this update breaks eduroam and possibly many other > WPA2-Enterprise wifi networks. There are multiple threads on Fedora > Discussion, mainly [0], and a bug report [1]. > > > > > > I understand that the maintainers implemented this change with the > best intentions, however, could someone clarify why this provider was > enabled so abruptly in this update? Wouldn’t such a change typically > require a change proposal? Given how many users are affected, would it make > sense to consider rolling back the update until there’s a fix? > > > > I think the bug can be fixed in wpa_supplicant, but until that happens, > users should just uninstall pkcs11-provider. > > > > The idea here was to auto-enable pkcs11-provider when it is installed, > which still makes sense to me. The issue here I think is that many people > ended up with pkcs11-provider installed because of a recommendation. We > should remove that recommendation, most users don’t need pcks11-provider > installed. > > I'm trying a setup right now, to understand what's happening. > wpa_supplicant does not need pkcs11-provider *at the moment*, because > it uses engine API for pkcs11 (and that is going to be a problem in > the future for EAP-TLS with pkcs11, if engine disappears from > openssl). However, it loads the legacy provider at startup, because > it's needed for MSCHAPv2 in the inner authentication. > Do you also load the default provider and/or set default fetching properties? -- Dmitry Belyavskiy
-- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
