On 9/22/22 15:40, Timothy Redaelli wrote:
> Currently, it's not possible to build OVS using OpenSSL 3.0 with
> --enable-Werror since OpenSSL 3.0 deprecated some functions.
> Moreover, it's not possible to generate dhparams.c anymore on
> OpenSSL 3.0 since -C option was removed from openssl dhparam tool.
>
> With this series, it's possible to generate lib/dhparams.c using OpenSSL 3.0
> and to replace the deprecated function by using the new one.
>
> OpenSSL team also suggests using SSL_CTX_set_dh_auto to set DH keys instead of
> use build-time hardcoded keys (it's also a good idea for FIPS compliance).
>
> Timothy Redaelli (2):
> dhparams: Fix .c file generation with OpenSSL >= 3.0
> Add support for openssl 3.0 functions
>
> build-aux/generate-dhparams-c | 81 +++
> lib/dhparams.c| 2 +
> lib/stream-ssl.c | 12 ++
> 3 files changed, 87 insertions(+), 8 deletions(-)
>
Thanks! Applied and backported down to 2.17 to avoid build
issues on LTS branch.
Best regards, Ilya Maximets.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev