Re: [PATCH 1/1] sign-file: Use OpenSSL provided define to compile out deprecated APIs
From: Adam Langley
Date: Tue Oct 05 2021 - 13:15:20 EST
On Tue, Oct 5, 2021 at 10:01 AM Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
> I ran into these same -Wdeprecated-declarations compiler warnings on another
> project that uses the ENGINE API to access OpenSSL's support for PKCS#11 tokens.
> The conclusion was that in OpenSSL 3.0, the new API for PKCS#11 support isn't
> actually ready yet, so we had to keep using the ENGINE API and just add
> -Wno-deprecated-declarations to the compiler flags.
>
> Your patch just removes support for PKCS#11 in that case, which seems
> undesirable. (Unless no one is actually using it?)
The patch removes support when OPENSSL_NO_ENGINE is defined, but
that's not defined by default in OpenSSL 3.0. (Unless something
changed recently.)
When OPENSSL_NO_ENGINE is defined, ENGINE support is not compiled into
OpenSSL and the headers don't include the functions:
https://github.com/openssl/openssl/blob/master/include/openssl/engine.h
.
Cheers
AGL