Bug 2018916

Summary: dotnet3.1: FTBFS with OpenSSL 3.0.0.
Product: [Fedora] Fedora Reporter: Sahana Prasad <sahana>
Component: dotnet3.1Assignee: Omair Majid <omajid>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: crummel, dotnet-packagers, francisco.vergarat, harold, omajid, rjanekov
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-01-20 00:29:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1825937, 1992484    

Description Sahana Prasad 2021-11-01 09:08:39 UTC 
This bug is used to track the readiness of dotnet3.1 with OpenSSL 3.0.0.

Currently the build fails to build with OpenSSL 3.0.0 with the following logs
https://koji.fedoraproject.org/koji/taskinfo?taskID=78020162

Kindly fix them to ensure this package builds with OpenSSL 3.0.0

You can treat the deprecated warnings not as errors if you want to continue to use deprecated functions, but it is encouraged to use the new APIs, and this migration could be done sooner than later.

To not treat deprecated warnings as errors, you may use
-Wno-error=deprecated-declarations

To port to new APIs, kindly refer to the OpenSSL upstream migration guide:
https://www.openssl.org/docs/manmaster/man7/migration_guide.html

Thank you
Comment 1 Omair Majid 2021-11-01 14:12:07 UTC 
The new/about-to-be-release upstream version of .NET (.NET 6) has OpenSSL 3.0 support already: https://github.com/dotnet/runtime/issues/46526

Supporting OpenSSL 3.1 (which goes EOL in about a year) involves a large amount of fairly invasive changes: https://github.com/dotnet/corefx/pull/43078

I am considering EOL'ing dotnet3.1 in Fedora rather than risk breaking security in .NET.
Comment 2 Omair Majid 2022-01-20 00:29:28 UTC 
Porting .NET Core 3.1 to OpenSSL 3.1 is quite difficult to verify and there is a significant risk of accidentally breaking some important security feature.

New versions of .NET, such as .NET 6 are compatible with OpenSSL 3.0 and will work fine. It's likely .NET Core 3.1 will be EOL before Fedora removes OpenSSL 1.1. 

I am closing this bug as WONTFIX.