From: Kees Cook <email@example.com>
To: Lee Jones <firstname.lastname@example.org>
Cc: Eric Biggers <email@example.com>, Adam Langley <firstname.lastname@example.org>,
email@example.com, David Howells <firstname.lastname@example.org>,
David Woodhouse <email@example.com>,
Subject: Re: [PATCH 1/1] sign-file: Use OpenSSL provided define to compile out deprecated APIs
Date: Wed, 2 Mar 2022 12:52:02 -0800 [thread overview]
Message-ID: <202203021251.1DB0383C@keescook> (raw)
On Tue, Oct 05, 2021 at 07:11:02PM +0100, Lee Jones wrote:
> On Tue, 05 Oct 2021, Eric Biggers wrote:
> > On Tue, Oct 05, 2021 at 10:14:58AM -0700, Adam Langley wrote:
> > > On Tue, Oct 5, 2021 at 10:01 AM Eric Biggers <firstname.lastname@example.org> wrote:
> > > > I ran into these same -Wdeprecated-declarations compiler warnings on another
> > > > project that uses the ENGINE API to access OpenSSL's support for PKCS#11 tokens.
> > > > The conclusion was that in OpenSSL 3.0, the new API for PKCS#11 support isn't
> > > > actually ready yet, so we had to keep using the ENGINE API and just add
> > > > -Wno-deprecated-declarations to the compiler flags.
> > > >
> > > > Your patch just removes support for PKCS#11 in that case, which seems
> > > > undesirable. (Unless no one is actually using it?)
> > >
> > > The patch removes support when OPENSSL_NO_ENGINE is defined, but
> > > that's not defined by default in OpenSSL 3.0. (Unless something
> > > changed recently.)
> > >
> > > When OPENSSL_NO_ENGINE is defined, ENGINE support is not compiled into
> > > OpenSSL and the headers don't include the functions:
> > > https://github.com/openssl/openssl/blob/master/include/openssl/engine.h
> > > .
> > Okay so this patch is actually a build fix for when OpenSSL doesn't include
> > ENGINE support?
> > Currently this patch claims that it's removing the use of a
> > "deprecated" API, which is something entirely different.
> I see your point.
> Happy to rejig the commit message if that would help.
These warnings are quite noisy on Fedora rawhide and other distros that
have moved to OpenSSL 3.0. It's not clear to me from this thread if this
patch is actually the correct fix?
next prev parent reply other threads:[~2022-03-02 20:52 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-05 16:18 [PATCH 1/1] sign-file: Use OpenSSL provided define to compile out deprecated APIs Lee Jones
2021-10-05 17:01 ` Eric Biggers
2021-10-05 17:14 ` Adam Langley
2021-10-05 17:25 ` Eric Biggers
2021-10-05 17:33 ` Adam Langley
2021-10-05 18:11 ` Lee Jones
2022-03-02 20:52 ` Kees Cook [this message]
2022-03-03 9:26 ` Lee Jones
2022-03-03 18:05 ` Kees Cook
2022-03-08 10:31 ` [PATCH v2 1/1] sign-file: Do not attempt to use the ENGINE_* API if it's not available Lee Jones
2022-03-10 16:51 ` Kees Cook
2022-03-10 17:15 ` Adam Langley
2022-05-15 7:16 ` Salvatore Bonaccorso
2022-05-15 9:40 ` Lee Jones
2022-05-16 15:39 ` Shuah Khan
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).