[PATCH] OpenSSL: use pkcs11-provider when OPENSSL_NO_ENGINE is defined
Jouni Malinen
j at w1.fi
Sun Feb 2 08:07:21 PST 2025
On Wed, Jan 15, 2025 at 06:04:54PM +0100, Davide Caratti wrote:
> Now that ENGINE API starts being deprecated in distros (like Fedora [1])
> wpa_supplicant users might need a way to load certificates and keys from
> PKCS11 URIs even when OPENSSL_NO_ENGINE is defined. We can do that using
> pkcs11-provider: load it by default in wpa_supplicant, and try to use it
> when OPENSSL_NO_ENGINE is defined and configuration requests PKCS11 URIs
> for certificates / keys.
>
> Inspired by pkcs11-provider test program 'tlssetkey.c' [2]
>
> [1] https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine
> [2] https://github.com/latchset/pkcs11-provider/blob/main/tests/tlssetkey.c
Thanks, applied.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list