Bug 2242853

Summary: Migrate from using OpenSSL engines to pkcs11-provider
Product: [Fedora] Fedora Reporter: Sahana Prasad <shebburn>
Component: bind-dyndb-ldapAssignee: Thomas Woerner <twoerner>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 40CC: abokovoy, dns-sig, pemensik, pvoborni, rjeffman, vonsch
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: bind-dyndb-ldap-11.11-3.fc43 bind-dyndb-ldap-11.11-3.fc42 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2025-04-01 15:36:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2123076    

Description Sahana Prasad 2023-10-09 11:53:15 UTC 
OpenSSL 3.0.0 deprecated the support for using engines and introduced the concept of providers. Since your package requires openssl-pkcs11, we recommend that you stop using it, and migrate to using the pkcs11-provider instead. pkcs11-provider is an OpenSSL provider that allows it to directly interface with a pkcs11 driver. The RHEL Crypto team is actively working on this provider and we are willing to help you migrate to it. To read more about the pkcs11-provider you can have a look at this upstream link - https://github.com/latchset/pkcs11-provider.

If you have any questions kindly write an email to rhel-crypto, we are more than happy to help. There is no deadline as such for this migration task but we will remove the openssl-pkcs11 package from RHEL-10 onwards. We wanted to give you an early heads up about it so that you have enough time to plan this migration. In case you are not interested in doing the migration activity, let us know.                                        

Just a note that pkcs11-provider is a new project and we are working continuously to improve it and test it extensively. If you encounter any issues, feel free to report them upstream.

Thank you for your understanding and we are looking forward to your collaboration.


Reproducible: Always
Comment 1 Aoife Moloney 2024-02-15 22:59:12 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora Linux 40 development cycle.
Changing version to 40.
Comment 2 Fedora Admin user for bugzilla script actions 2024-10-16 02:02:04 UTC 
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Comment 3 Fedora Update System 2025-04-01 07:46:01 UTC 
FEDORA-2025-ba58df94bd (bind-9.18.35-2.fc43, bind-dyndb-ldap-11.11-3.fc43, and 1 more) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-ba58df94bd
Comment 4 Fedora Update System 2025-04-01 07:46:40 UTC 
FEDORA-2025-a97bd2a08c (bind-9.18.35-2.fc42, bind-dyndb-ldap-11.11-3.fc42, and 1 more) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-a97bd2a08c
Comment 5 Fedora Update System 2025-04-01 15:36:58 UTC 
FEDORA-2025-ba58df94bd (bind-9.18.35-2.fc43, bind-dyndb-ldap-11.11-3.fc43, and 1 more) has been pushed to the Fedora 43 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 6 Fedora Update System 2025-04-02 01:12:38 UTC 
FEDORA-2025-a97bd2a08c has been pushed to the Fedora 42 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-a97bd2a08c`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-a97bd2a08c

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 7 Fedora Update System 2025-04-11 18:26:08 UTC 
FEDORA-2025-a97bd2a08c (bind-9.18.35-2.fc42, bind-dyndb-ldap-11.11-3.fc42, and 1 more) has been pushed to the Fedora 42 stable repository.
If problem still persists, please make note of it in this bug report.