Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-45704

Enforce OPENSSL_NO_ENGINE in RHEL/CentOS

    • openssl-3.2.2-6.el10
    • None
    • None
    • 1
    • rhel-sst-security-crypto
    • ssg_security
    • 25
    • 26
    • 0.5
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Crypto24Q3
    • Hide

      AC1) The engine.h header is not included

      AC2) The OPENSSL_NO_ENGINE define is set

      AC3) The ENGINE_* APIs are available in the libcrypto.so file and there are no ABI changes compared to RHEL-9

      Show
      AC1) The engine.h header is not included AC2) The OPENSSL_NO_ENGINE define is set AC3) The ENGINE_* APIs are available in the libcrypto.so file and there are no ABI changes compared to RHEL-9
    • Pass
    • Not Needed
    • Automated
    • Deprecated Functionality
    • Hide
      .ENGINE API in OpenSSL is deprecated

      In RHEL 10, ENGINE API is deprecated and is planned to be removed in a future major release. No new applications should be built by using the ENGINE API. To keep application binary interface (ABI) and existing applications working, OpenSSL still exports the ENGINE symbols. To prevent new applications from using ENGINE API, OpenSSL sets the `OPENSSL_NO_ENGINE` flag system-wide, and the header `engine.h` that exposes the ENGINE API has been removed.
      Show
      .ENGINE API in OpenSSL is deprecated In RHEL 10, ENGINE API is deprecated and is planned to be removed in a future major release. No new applications should be built by using the ENGINE API. To keep application binary interface (ABI) and existing applications working, OpenSSL still exports the ENGINE symbols. To prevent new applications from using ENGINE API, OpenSSL sets the `OPENSSL_NO_ENGINE` flag system-wide, and the header `engine.h` that exposes the ENGINE API has been removed.
    • Done
    • None

      We can't break API/ABI for OpenSSL so we can't just build OpenSSL with no-engine

      We separate corresponding headers and man pages to a subpackage instead

              dbelyavs@redhat.com Dmitry Belyavskiy
              dbelyavs@redhat.com Dmitry Belyavskiy
              Dmitry Belyavskiy Dmitry Belyavskiy
              George Pantelakis George Pantelakis
              Jan Fiala Jan Fiala
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

                Created:
                Updated: