Bug 1952937
Summary: | freerdp: Port to OpenSSL 3.0 | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 9 | Reporter: | Sahana Prasad <sahana> |
Component: | freerdp | Assignee: | Ondrej Holy <oholy> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Martin Krajnak <mkrajnak> |
Severity: | unspecified | Docs Contact: | |
Priority: | high | ||
Version: | CentOS Stream | CC: | bstinson, carl, fweimer, jwboyer, tpelka |
Target Milestone: | beta | Keywords: | Triaged |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | freerdp-2.2.0-8.el9 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-12-07 21:44:43 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1958021 |
Description
Sahana Prasad
2021-04-23 15:36:47 UTC
Just note that the only problem seems to be the "FIPS_mode_set" and "FIPS_mode" functions, which have been removed from OpenSSL 3.0 and the https://wiki.openssl.org/index.php/OpenSSL_3.0 document describes some ways how to fix that. we have a FIPS compatibility downstream patch that supports # define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL) There is no sidetag yet, kindly use this build https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=1571383 I will notify you where there is a sidetag. Ah, that explains why the RHEL build log contains only FIPS_mode_set failure, whereas the Fedora one contains also FIPS_mode failure. However, this downstream patch doesn't help here, since FIPS_mode_set needs to be replaced anyway. Just I am not super sure what is the right way, can the plain EVP_set_default_properties(NULL, "fips=yes") call be used as a replacement for FIPS_mode_set? The proposed upstream fix has been merged so I think that we can backport it now. |