Chiming in on this topic: Currently, the libp11 packages in stretch (0.4.3-1) as well in sid (0.4.4-1) link against openssl 1.0. That also results in libengine-pkcs11-openssl being built for openssl 1.0 and PKCS#11 engine support for openssl 1.1 and all applications built against openssl 1.0 being broken. I know I'm very late to this party, with the freeze and all, but the situation is rather unsatisfactory. Would it still be possible to have libengine-pkcs11-openssl built with openssl 1.1? Looking at the so and la files in that package, it should even be possible to build a version of only that package for openssl 1.1.
Thanks, Christoph -- Spare Space