> Am 25.02.2025 um 09:09 schrieb Alexander Bokovoy <aboko...@redhat.com>: >> ... >> == Detailed Description == >> We are going to build OpenSSL without engine support. Engines are not >> FIPS compatible and corresponding API is deprecated since OpenSSL 3.0. >> The engine functionality we are aware of (PKCS#11, TPM) is covered by >> providers. The package necessary to build engines >> (openssl-devel-engine) is already declared as deprecated and will be >> removed. For the applications that still unconditionally refer to >> openssl/engine.h we will provide a dummy engine.h file > > The side effect is that FreeIPA will lose support for DNSSEC until we > are able to migrate to bind 9.19+ for bind-dyndb-ldap. > > ... In Fedora, however, > this means we'd have to disable DNSSEC completely, even for existing > deployments.
From the point of view of the Fedora Server Edition Working Group, this is a no-go! — Peter Boy https://fedoraproject.org/wiki/User:Pboy p...@fedoraproject.org Timezone: CET (UTC+1) / CEST (UTC+2) Fedora Server Edition Working Group member Fedora Docs team contributor and board member Java developer and enthusiast -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
