Bug 1953480

Summary: opensc: Port to OpenSSL3.0
Product: Red Hat Enterprise Linux 9 Reporter: Sahana Prasad <sahana>
Component: openscAssignee: Jakub Jelen <jjelen>
Status: CLOSED CURRENTRELEASE QA Contact: Ivan Nikolchev <inikolch>
Severity: unspecified Docs Contact:
Priority: high    
Version: CentOS StreamCC: bstinson, fweimer, inikolch, jwboyer, ppisar
Target Milestone: betaKeywords: Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: opensc-0.21.0-6.el9 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-12-07 21:57:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1958021    

Description Sahana Prasad 2021-04-26 08:36:31 UTC 
This bug is used to track the readiness of opensc with OpenSSL 3.0

currently the build fails with some porting issues:
https://kojihub.stream.rdu2.redhat.com/koji/taskinfo?taskID=218236

Kindly fix them to ensure this package builds with OpenSSL 3.0, as we will introduce OpenSSL 3.0 in RHEL-9 very soon.

OpenSSL 3.0 package to test with:
http://download.eng.bos.redhat.com/rhel-9/nightly/RHEL-9-Beta/RHEL-9.0.0-20210414.0/compose/BaseOS/x86_64/os/Packages/openssl-3.0.0-0.alpha13.1.el9.x86_64.rpm

Note that the next build with alpha15 will be available soon.

OpenSSL compat package:

http://download.eng.bos.redhat.com/rhel-9/nightly/RHEL-9-Beta/RHEL-9.0.0-20210414.0/compose/BaseOS/x86_64/os/Packages/compat-openssl11-1.1.1k-1.el9.x86_64.rpm

If you ave any further queries, kindly mail

rhel-crypto 

Thank you
Comment 3 Jakub Jelen 2021-05-24 09:25:07 UTC 
At this moment, I did not manage to migrate all the stuff to 3.0 API so for now, we just disable deprecated warnings (-Wno-deprecated-declarations), that escalate to errors (-Werror is in place) to be able to build opensc with new openssl, fixing the other issues that will arise (const and  other incompatibilities). In longer-term (hopefully before beta), we will make sure we can build opensc with non-deprecated API. Some drafts and WIP PRs are here:

https://github.com/OpenSC/OpenSC/pull/2337

https://github.com/OpenSC/OpenSC/pull/2343


AC: Verify the package builds with new OpenSSL 3.0
Comment 4 Jakub Jelen 2021-05-24 09:38:35 UTC 
The CentOS stream MR: https://gitlab.com/redhat/centos-stream/rpms/opensc/-/merge_requests/1
Comment 9 Jakub Jelen 2021-07-15 09:16:16 UTC 
FYI, I added one more patch for openssl 3.0 to the package today to unbreak openssl-pkcs11 tests (bug #1959832#c12):

https://gitlab.com/redhat/centos-stream/rpms/opensc/-/merge_requests/3
https://github.com/OpenSC/OpenSC/pull/2367

Now, all the packages build against openssl 3.0 in koji/brew so I do not think we need re-verification.
Comment 10 Petr Pisar 2021-07-27 13:03:14 UTC 
A nightly compose RHEL-9.0.0-20210726.1 still does not contain this or a newer build. It is stuck at opensc-0.21.0-5.el9 which links to compat-openssl11.