On 18/10/2020 11:19, Richard Levitte wrote:
> In summary, the time where no-xxx truly meant that the algorithm xxx
> is completely unavailable is long gone. The addition of ENGINEs
> changed that... not immediately, but as soon as the ENGINE API got
> functionality to help implement EVP_PKEY_M
I'm afraid your interpretation isn't quite correct. The no-xxx
options remove the actual code for the thing being disabled, but it
doesn't turn off access to a compatible implementation. For example,
you could conceptually have an ENGINE with an alternative DSA
implementation that's perfectly usa
Dear Kurt,
The situation in 1.1.1 was a bit fuzzier than you say.
E.g., openssl built with no-gost in fact permits loading an engine for use
in X.509/CMS, but GOST TLS support becomes unavailable.
On Sun, Oct 18, 2020 at 10:33 AM Kurt Roeckx wrote:
> Hi,
>
> It seems that we might start to int
Hi,
It seems that we might start to interprete the no-xxx options
differently. In 1.1.1 it would completly disable the feature in
libcrypto, the apps and libssl. It seems that now the
interpretation changed to just disable the support for it in the
provider. You might load a different provider tha