On Tue, Sep 09, 2025 at 10:57:01AM -0700, Kevin Fenzi wrote: > On Tue, Sep 09, 2025 at 02:50:32PM +0000, Gary Buhrmaster wrote: > > On Tue, Sep 9, 2025 at 10:00 AM Dmitry Belyavskiy <dbely...@redhat.com> > > wrote: > > > > > OpenSSL upstream has started development of the version OpenSSL 4.0 > > > It will imply soname bump, removing ENGINE support, etc. > > > > I seem to recall someone stating that currently > > Fedora itself uses the engine support for some > > infrastructure purpose (I would guess something > > about signing, but I don't really recall it being > > stated). > > > > Does Fedora infrastructure have a plan > > (probably un-resourced today) to migrate > > to openssl providers, or should we expect > > the openssl 3.x compatibility package > > to live for another decade or so? > > The current signing tool (sigul) needs engine support. > However, it's being re-written by Jeremy in rust and > I hope it will no longer have that requirement once we > move to the new application. >
Yes, I've already implemented those particular bits using pkcs11-provider so it won't need any engine support. It only works with RHEL 10+, I think, but that shouldn't be an issue. - Jeremy -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
