On Thu, Apr 07, 2022 at 11:07:41AM +0500, Илья Шипицин wrote: > ср, 6 апр. 2022 г. в 14:08, William Lallemand <[email protected]>: > > > On Wed, Apr 06, 2022 at 09:45:02AM +0100, David CARLIER wrote: > > > > I recall there is a openssl3 port ongoing perhaps ? > > > > > > I was trying to see if the said 3.x portage work is close to be merged > > > to master then yes my patch is useless. > > > Otherwise > > > > In fact everything but the engine to provider port was merged! So you > > should only have warning about that. > > > > We will probably keep the engine support in the code and disabled it by > > default. But what could be done is adding > > -DOPENSSL_API_COMPAT=0x10100000L to the compiler command when activating > > USE_ENGINE. > > > > I'd suggest to use implicit "#if !defined(OPENSSL_NO_ENGINE)" which is > available for both openssl-1.1.1 and 3.0 > instead of explicit USE_ENGINE >
We already use OPENSSL_NO_ENGINE, which only checks if the engine support is available in openssl. This is not the actual problem, most of the time the engine support is built within OpenSSL, the problem is to be able to build without the deprecated API which means without the engine feature in HAProxy by default. -- William Lallemand
