Meaning of no-xxx option

2020-10-18 Thread Kurt Roeckx
Hi, It seems that we might start to interprete the no-xxx options differently. In 1.1.1 it would completly disable the feature in libcrypto, the apps and libssl. It seems that now the interpretation changed to just disable the support for it in the provider. You might load a different provider

Re: Meaning of no-xxx option

2020-10-18 Thread Richard Levitte
I'm afraid your interpretation isn't quite correct. The no-xxx options remove the actual code for the thing being disabled, but it doesn't turn off access to a compatible implementation. For example, you could conceptually have an ENGINE with an alternative DSA implementation that's perfectly

Re: Meaning of no-xxx option

2020-10-18 Thread Dmitry Belyavsky
Dear Kurt, The situation in 1.1.1 was a bit fuzzier than you say. E.g., openssl built with no-gost in fact permits loading an engine for use in X.509/CMS, but GOST TLS support becomes unavailable. On Sun, Oct 18, 2020 at 10:33 AM Kurt Roeckx wrote: > Hi, > > It seems that we might start to