Hi,

> Plaisthos is preparing patches that drop support for the APIs that are
> deprecated in OpenSSL 3.0.
>
> Agreed that the OpenSSL 3.0 patches should be master only, so only 2.6
> will have full OpenSSL 3.0 support with external key support and without
> compiler warnings.


Good to see some discussion on OpenSSL 3.0 support. I'm working on
converting "cryptoapicert" to use a custom built-in provider. In fact, the
provider framework could be common for all external keys (cryptoapicert,
management-external-key and pkcs11) with only the key loading and signing
ops redirected to respective backends.

If Arne is adding a provider implementation for this, maybe I should hold
off?

Even otherwise, cryptoapicert.c needs some real cleanup -- I want to remove
support for legacy keys (ones with drivers not compatible with the new
crypto API in Windows -- CNG).

Such tokens can still be used with pkcs11-helper assuming we'll continue to
ship it with 2.6 Windows releases. The pkcs11-helper library will have to
be built with deprecated API enabled.

Any thoughts?

Selva
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
