Loading...

XML

Word

Printable

Acceptance Criteria:

Hide

AC1) The engine.h header is not included

AC2) The OPENSSL_NO_ENGINE define is set

AC3) The ENGINE_* APIs are available in the libcrypto.so file and there are no ABI changes compared to RHEL-9

Show
AC1) The engine.h header is not included AC2) The OPENSSL_NO_ENGINE define is set AC3) The ENGINE_* APIs are available in the libcrypto.so file and there are no ABI changes compared to RHEL-9
Preliminary Testing:
Pass
Test Link:
http://10.2.68.92/case/0617740/
Errata Link:
https://errata.engineering.redhat.com/advisory/133129
Gating Tests:

Not Needed
Test Coverage:

Automated

Release Note Type:
Deprecated Functionality
Release Note Text:

Hide
.ENGINE API in OpenSSL is deprecated

In RHEL 10, ENGINE API is deprecated and is planned to be removed in a future major release. No new applications should be built by using the ENGINE API. To keep application binary interface (ABI) and existing applications working, OpenSSL still exports the ENGINE symbols. To prevent new applications from using ENGINE API, OpenSSL sets the `OPENSSL_NO_ENGINE` flag system-wide, and the header `engine.h` that exposes the ENGINE API has been removed.

Show
.ENGINE API in OpenSSL is deprecated In RHEL 10, ENGINE API is deprecated and is planned to be removed in a future major release. No new applications should be built by using the ENGINE API. To keep application binary interface (ABI) and existing applications working, OpenSSL still exports the ENGINE symbols. To prevent new applications from using ENGINE API, OpenSSL sets the `OPENSSL_NO_ENGINE` flag system-wide, and the header `engine.h` that exposes the ENGINE API has been removed.
Release Note Status:
In Progress

We can't break API/ABI for OpenSSL so we can't just build OpenSSL with no-engine

We separate corresponding headers and man pages to a subpackage instead

is related to

RHEL-58344 allow third parties to build against their own engine.h

links to

RHBA-2024:133129 OpenSSL bugfix release