freeipa

Clone
Source Code
GIT

1311df2 Use OpenSSL provider with BIND for Fedora 42+ and RHEL10+

10 files Authored by abbra a month ago, Committed by frenaud a month ago,
raw patch tree parent
10 files changed. 140 lines added. 29 lines removed.
freeipa.spec.in
file modified
+10 -2
install/share/Makefile.am
file modified
+2 -0
install/share/bind.openssl.provider.cnf.template
file added
+19
install/share/bind.openssl.provider.crp.cnf.template
file added
+25
ipaplatform/base/constants.py
file modified
+1 -0
ipaplatform/fedora/constants.py
file modified
+8 -1
ipaplatform/rhel/constants.py
file modified
+6 -1
ipaserver/dnssec/bindmgr.py
file modified
+18 -9
ipaserver/install/dnskeysyncinstance.py
file modified
+43 -12
ipaserver/install/server/upgrade.py
file modified
+8 -4 
    Use OpenSSL provider with BIND for Fedora 42+ and RHEL10+
    
    OpenSSL Engine API is deprecated and ability to compile against it is
    removed in RHEL10. OpenSSL provider API is the future.
    
    Fedora 42+ also defaults to OpenSSL provider. With pkcs11-provider, the
    same PKCS#11 modules can be loaded transparently like with OpenSSL
    engines. Thus, we can update configuration to use the provider API.
    
    While Fedora 41 also defaults to OpenSSL provider, we need BIND version
    that supports using OpenSSL provider API. This backport was only done in
    Fedora 42.
    
    Fixes: https://pagure.io/freeipa/issue/9696
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
file modified
+10 -2
file modified
+2 -0
file added
+19
file added
+25
file modified
+1 -0
file modified
+8 -1
file modified
+6 -1
file modified
+18 -9
file modified
+43 -12
file modified
+8 -4
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.