Fedora project will be dropping openssl engine support #126

Open
traxtopel opened this issue Sep 28, 2024 · 4 comments
Labels
question Further information is requested

Comments


traxtopel commented Sep 28, 2024

You are probably aware that the Fedora project will be dropping engine support in OpenSSL and wpa_supplicant. This will of course impact tpm2-pkcs11.
Are there any plans to add support for the tpm2-openssl provider to wpa_supplicant?

https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine

@gotthardp
Contributor

Not in this project. You should ask the wpa_supplicant folks.

gotthardp added the "question" label (Further information is requested) on Oct 6, 2024

tomoveu commented Dec 2, 2024

@traxtopel I would be happy to take a look because I am trying to gather more tpm2-openssl experience. My work involves using the TPM2 directly through the TPM software stack; however, this has started to change and now I am forced to use openssl, like it or not.

My timeline for looking at tpm2-pkcs would be the beginning of next year. The Fedora announcement does not say when this change goes into effect. Is it immediate?

Thanks,
Dimi

@traxtopel
Author

I've been informed by the developer [email protected] that the OpenSSL maintainers have confirmed the engine API will be deprecated in a few months, which affects both TPM2 and PKCS11 implementations. Red Hat is shifting towards the pkcs11-provider as an alternative solution. However, I've encountered difficulties using this provider, even when using a patched wpa_supplicant (https://github.com/dcaratti/hostap-ctest/tree/pkcs11-use-provider-in-place-of-engine). In light of this, it would be beneficial to patch wpa_supplicant to support the TPM2-openssl provider. Let me know if I can assist in testing.


tomoveu commented Dec 2, 2024

@traxtopel please send me an email at [email protected] to stay in touch. I will look into tpm2-provider support for wpa-supplicant for sure. Thank you for the good information.
