Remove OpenSSL engine support #5991
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The ENGINE API is deprecated in OpenSSL 3.0; the intended replacement is the Provider API. See also BOINC#5356, for which this addresses one (but not all) of the reported deprecation warnings.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The ENGINE API is deprecated in OpenSSL 3.0; the intended replacement is the Provider API.
See also #5356, for which this addresses one (but not all) of the reported deprecation warnings.
This is also motivated by F41 Change Proposal: OpenSSL Deprecate Engine (system-wide). OpenSSL ENGINE API support has not been removed from Fedora, but there is an effort to identify packages that require it and gradually fix them. A similar change appears in RHEL10.
Description of the Change
This simply removes each instance of
#include <openssl/engine.h>and the one function call to OpenSSL’s ENGINE API,ENGINE_load_builtin_engines().Alternate Designs
The call to
ENGINE_load_builtin_engines()was added a very long time in 5ba9c00 as part of x.509 signature generation support. I’m making a guess in this PR that it can be removed without consequence, but it’s not immediately obvious to me how to test this properly. It’s possible that this breaks something important, and if that’s the case, then the Provider API in OpenSSL 3.0 is the intended replacement for the ENGINE API.Release Notes
Removed support for deprecated OpenSSL engines.