Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-54168

Please stop using OpenSSL ENGINE API in galera

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • rhel-10.0
    • galera
    • None
    • No
    • Important
    • rhel-sst-cs-databases
    • 8
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • All
    • None

      Dear colleagues,

      We got aware that your component relies on openssl/engine.h header that is not shipped with OpenSSL in CentOS 10/RHEL 10 any more.

      Engines are not FIPS compatible and corresponding API is deprecated since OpenSSL 3.0. The engine functionality we are aware of (PKCS#11, TPM) is either covered by providers maintained by Crypto Team now or will be covered soon.

      As we removed the header some time ago, we kindly ask you to check that your component is buildable without it and if necessary implement patches to eliminate the dependency. Looks like your code doesn't rely on on ENGINE API so the headeer seems redundant. The compilation of applications using the ENGINE API or the header is now impossible.

      Feel free to reach the Crypto team, Dmitry Belyavskiy, Sahana Prasad, or Clemens Lang directly if you have any problems with the necessary changes.

              mschorm@redhat.com Michal Schorm
              dbelyavs@redhat.com Dmitry Belyavskiy
              Michal Schorm Michal Schorm
              bot rhel-cs-apps-subsystem-qe bot rhel-cs-apps-subsystem-qe
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: