On Sat, Jan 04, 2025 at 01:44:00AM +0000, Klemens Nanni wrote:
> 03.01.2025 14:15, Stuart Henderson пишет:
> > I wonder if LD_DEBUG will give any clues as to what's happening here.
>
> loading: libcrypto.so.55.0 required by /usr/local/lib/pkcs11/opensc-pkcs11.so
>
> The dlopen()ed module from security/opensc uses LibreSSL.
One would expect the pkcs11 implementations to use only data types etc
defined by the standard, with pkcs11 consumers and providers being
able to use different crypto implementations. Hence the optimistic
diff provided for openvpn, which didn't bother activating any mbedtls
support in security/pkcs11-helper.
Except for some psa_* symbols, all the symbols in libmbedcrypto.so are
prefixed with "mbedcrypto_", so we don't have to fear a symbol name
clash here. I have no idea what's going wrong, maybe I'll take a look
later.
> I doubt we want mbedtls flavors everywhere.
Indeed, we cannot have two openvpn flavors with each depending on
conflicting pkcs11-helper flavors: that doesn't work in bulk builds.
> jca, pehaps just leave openvpn as-is?
Yep. Thanks folks for your test reports.
--
jca
No comments:
Post a Comment