Enable OpenSSL legacy providers support #194
Open
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
This pull request introduces a modification to the build process to include the legacy module (
legacy.so
) in the OpenSSL installation. This change is essential for enabling certain legacy ciphering algorithms that might still be required for specific integrations.Key Changes
enable-legacy
flag in the OpenSSL build process. This flag allows OpenSSL to compile and include legacy cryptographic algorithms.legacy.so
file is now copied into the final build. This enables runtime configuration of OpenSSL to use legacy ciphers.Important Notes
OPENSSL_MODULES
to point OpenSSL to the location of additional modules:OPENSSL_MODULES="/opt/lib/ossl-modules"
OPENSSL_CONF
environment variable:OPENSSL_CONF="{path to custom openssl config file}"
Impact
By including the legacy module and providing instructions on how to enable legacy algorithms, this change ensures that applications requiring older encryption methods can function correctly without significant changes to their cryptographic dependencies.