Loading...

XML

Word

Printable

Acceptance Criteria:

Hide

AC1) Ensure that Build Requires in libssh spec file doesn't include openssl-pkcs11
AC2) torture_auth_pkcs11, torture_pki_rsa_uri and torture_pki_ecdsa_uri upstream tests are passing
AC3 Stretch goal) Make sure that https://github.com/latchset/pkcs11-provider/blob/main/tests/integration/libssh.sh test is passing

Show
AC1) Ensure that Build Requires in libssh spec file doesn't include openssl-pkcs11 AC2) torture_auth_pkcs11, torture_pki_rsa_uri and torture_pki_ecdsa_uri upstream tests are passing AC3 Stretch goal) Make sure that https://github.com/latchset/pkcs11-provider/blob/main/tests/integration/libssh.sh test is passing
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/133180
Gating Tests:

Not Needed
Test Coverage:

Automated

Release Note Type:
Removed Functionality
Release Note Text:

Hide

Description: OpenSSL Engines are deprecated and upstream will also remove it's functionality in the near future. Since the inception of providers in OpenSSL 3.0.0, the usage of engines is not recommended. Therefore openssl-pkcs11 package is dropped from Build Requires section now.
Consequence: Instead of using engines, pkcs11-provider has be used as a replacement. This build adds support for pkcs11-provider and the tests pass with it.

Show
Description: OpenSSL Engines are deprecated and upstream will also remove it's functionality in the near future. Since the inception of providers in OpenSSL 3.0.0, the usage of engines is not recommended. Therefore openssl-pkcs11 package is dropped from Build Requires section now. Consequence: Instead of using engines, pkcs11-provider has be used as a replacement. This build adds support for pkcs11-provider and the tests pass with it.
Release Note Status:
Proposed

To unblock openssl no-engine process, we need libssh to be built without engine support for CentOS10

links to

RHBA-2024:133180 libssh update