Am 15.09.21 um 16:36 schrieb Selva Nair: > Hi, > > > Plaisthos is preparing patches that drop support for the APIs that are > deprecated in OpenSSL 3.0. > > Agreed that the OpenSSL 3.0 patches should be master only, so only 2.6 > will have full OpenSSL 3.0 support with external key support and > without > compiler warnings. > > > Good to see some discussion on OpenSSL 3.0 support. I'm working on > converting "cryptoapicert" to use a custom built-in provider. In fact, > the provider framework could be common for all external keys > (cryptoapicert, management-external-key and pkcs11) with only the key > loading and signing ops redirected to respective backends.
Depending on far you have come, you might be ahead of me. I didn't know that you are already working on that. > If Arne is adding a provider implementation for this, maybe I > should hold off? I am currently trying to get together a "small" provider by adapting code from https://github.com/tpm2-software/tpm2-openssl. My provider implmentation is already 600 lines of code since you need a lot of boiler plate code. But the whole documentation of provider API is not as great as it could be. You get documentation of all the function but you to figure yourself how all that fits together. I hope to have something ready at the end of the month. Arne _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
