Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Building expects openssl/engine.h despite engine API being deprecated? #570

Open
polarathene opened this issue Sep 10, 2024 · 0 comments
Open

Comments

@polarathene
Copy link

Equivalent of alexcrichton/ssh2-rs#328

  cargo:warning=curl/lib/vtls/openssl.c:103:10: fatal error: 'openssl/engine.h' file not found
  cargo:warning=  103 | #include <openssl/engine.h>
  cargo:warning=      |          ^~~~~~~~~~~~~~~~~~
  cargo:warning=1 warning and 1 error generated.

Curl likewise can opt-out:

https://github.com/curl/curl/blob/curl-8_9_1/lib/vtls/openssl.c#L100-L104

#if (OPENSSL_VERSION_NUMBER >= 0x0090700fL) && /* 0.9.7 or later */     \
  !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_UI_CONSOLE)
#define USE_OPENSSL_ENGINE
#include <openssl/engine.h>
#endif

For Fedora 41 onwards openssl-devel-engine provides build compatibility for the time being. A brief overview follows:

https://discussion.fedoraproject.org/t/f41-change-proposal-openssl-deprecate-engine-system-wide

Engines are not FIPS compatible and corresponding API is deprecated since OpenSSL 3.0. The engine functionality we are aware of (PKCS#11, TPM) is either covered by providers or will be covered soon.

We are going to prevent creating the new packages dependent on OpenSSL ENGINE API and remove ENGINE dependencies from the existing packages.

OpenSSL libcrypto.so exports the same ENGINE_* symbols as for f40. Applications relying on the ENGINE API can’t be built but still work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant