On Tue, Feb 25, 2025 at 12:04 PM Peter Boy Uni <p...@uni-bremen.de> wrote:
> > > > Am 25.02.2025 um 09:09 schrieb Alexander Bokovoy <aboko...@redhat.com>: > >> ... > >> == Detailed Description == > >> We are going to build OpenSSL without engine support. Engines are not > >> FIPS compatible and corresponding API is deprecated since OpenSSL 3.0. > >> The engine functionality we are aware of (PKCS#11, TPM) is covered by > >> providers. The package necessary to build engines > >> (openssl-devel-engine) is already declared as deprecated and will be > >> removed. For the applications that still unconditionally refer to > >> openssl/engine.h we will provide a dummy engine.h file > > > > The side effect is that FreeIPA will lose support for DNSSEC until we > > are able to migrate to bind 9.19+ for bind-dyndb-ldap. > > > > ... In Fedora, however, > > this means we'd have to disable DNSSEC completely, even for existing > > deployments. > > From the point of view of the Fedora Server Edition Working Group, this is > a no-go! And what is the reason to not move forward to bind 9.19+? Let me repeat. OpenSSL 4.0 without engine support will be here in, I'd say, F44, and compat package will not help you to _build_ the packages depending on engines. -- Dmitry Belyavskiy
-- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
