OpenSSL 3.0.0 deprecates ENGINE APIs #31
Comments
|
A fix for me using libressl (pretty sure it's the same issue) is to use the OPENSSL_NO_ENGINE def (from /usr/local/include/openssl/opensslfeatures.h) in neverbleed.c. --- deps/neverbleed/neverbleed.c.orig 2023-12-11 18:48:55 UTC
+++ deps/neverbleed/neverbleed.c
@@ -2220,6 +2220,7 @@ int neverbleed_init(neverbleed_t *nb, char *errbuf)
EC_KEY_METHOD_set_sign(ecdsa_method, ecdsa_sign_proxy, NULL, NULL);
#endif
+#if !defined(OPENSSL_NO_ENGINE)
if ((nb->engine = ENGINE_new()) == NULL || !ENGINE_set_id(nb->engine, "neverbleed") ||
!ENGINE_set_name(nb->engine, "privilege separation software engine") || !ENGINE_set_RSA(nb->engine, rsa_method)
#ifdef NEVERBLEED_ECDSA
@@ -2230,6 +2231,7 @@ int neverbleed_init(neverbleed_t *nb, char *errbuf)
goto Fail;
}
ENGINE_add(nb->engine);
+#endif
}
#endifGoing by the name, I would think it is not libressl specific. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://www.openssl.org/docs/man3.0/man7/migration_guide.html
It looks like OpenSSL 3.0.0 deprecates ENGINE related APIs and bunch of low-level getters and setters.
There are lots of deprecation warnings when compiled with OpenSSL 3.0.0.
The text was updated successfully, but these errors were encountered: