From: Jan Stancek <jstancek@redhat.com>
To: dhowells@redhat.com, dwmw2@infradead.org, zxu@redhat.com,
keyrings@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, jstancek@redhat.com
Subject: [PATCH 0/3] sign-file,extract-cert: switch to PROVIDER API for OpenSSL >= 3.0
Date: Fri, 12 Jul 2024 09:11:13 +0200 [thread overview]
Message-ID: <cover.1720728319.git.jstancek@redhat.com> (raw)
The ENGINE interface has its limitations and it has been superseded
by the PROVIDER API, it is deprecated in OpenSSL version 3.0.
Some distros have started removing it from header files.
Update sign-file and extract-cert to use PROVIDER API for OpenSSL Major >= 3.
Tested on F39 with openssl-3.1.1, pkcs11-provider-0.5-2, openssl-pkcs11-0.4.12-4
and softhsm-2.6.1-5 by using same key/cert as PEM and PKCS11 and comparing that
the result is identical.
Jan Stancek (3):
sign-file,extract-cert: move common SSL helper functions to a header
sign-file,extract-cert: avoid using deprecated ERR_get_error_line()
sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3
MAINTAINERS | 1 +
certs/Makefile | 2 +-
certs/extract-cert.c | 138 +++++++++++++++++++++++--------------------
scripts/sign-file.c | 134 +++++++++++++++++++++--------------------
scripts/ssl-common.h | 32 ++++++++++
5 files changed, 178 insertions(+), 129 deletions(-)
create mode 100644 scripts/ssl-common.h
--
2.39.3
next reply other threads:[~2024-07-12 7:11 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-12 7:11 Jan Stancek [this message]
2024-07-12 7:11 ` [PATCH 1/3] sign-file,extract-cert: move common SSL helper functions to a header Jan Stancek
2024-08-13 10:04 ` Jarkko Sakkinen
2024-07-12 7:11 ` [PATCH 2/3] sign-file,extract-cert: avoid using deprecated ERR_get_error_line() Jan Stancek
2024-08-13 10:12 ` Jarkko Sakkinen
2024-07-12 7:11 ` [PATCH 3/3] sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 Jan Stancek
2024-08-13 10:23 ` Jarkko Sakkinen
2024-08-02 13:10 ` [PATCH 0/3] sign-file,extract-cert: switch to PROVIDER API for OpenSSL >= 3.0 Herbert Xu
2024-08-02 17:59 ` Jarkko Sakkinen
2024-08-02 18:27 ` Jan Stancek
2024-08-02 19:54 ` Jarkko Sakkinen
2024-08-06 20:27 ` Neal Gompa
2024-09-20 11:42 ` Neal Gompa
2024-09-20 15:34 ` Jarkko Sakkinen
2024-09-20 20:05 ` Jan Stancek
2024-09-20 22:16 ` Jarkko Sakkinen
2024-09-03 8:11 ` R Nageswara Sastry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1720728319.git.jstancek@redhat.com \
--to=jstancek@redhat.com \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=zxu@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox