Saravanan created GUACAMOLE-2089:
------------------------------------
Summary: Will 1.6.0 compile with openssl-fips-1.0.2zj
Key: GUACAMOLE-2089
URL: https://issues.apache.org/jira/browse/GUACAMOLE-2089
Project: Guacamole
Issue Type: Task
Components: guacamole-server
Affects Versions: 1.6.0
Environment: OS: SUSE Linux Enterprise Server 12 SP3
OpenSSL: openssl-fips-1.0.2zj
Reporter: Saravanan
*Background:* We successfully compiled and deployed guacamole-server-1.4.0 on
SLES 12 SP3 with OpenSSL-FIPS-1.0.2j. The compilation worked because 1.4.0
includes OpenSSL compatibility shims (rsa-compat.h, dsa-compat.h) that provide
OpenSSL 1.1.x-style functions for older OpenSSL versions.
*Evidence from 1.4.0:*
* config.h shows: {{/* #undef HAVE_RSA_GET0_KEY */}} (function not available
in 1.0.2)
* rsa-compat.c provides: {{RSA_get0_key()}} implementation using direct struct
access ({{{}rsa_key->n{}}}, {{{}rsa_key->e{}}})
* This compatibility layer allows 1.4.0 to work seamlessly with OpenSSL 1.0.2
*Question:* Does guacamole-server-1.6.0 still include these OpenSSL 1.0.2
compatibility shims, or were they removed?
*Specific Environment:*
* OS: SUSE Linux Enterprise Server 12 SP3
* OpenSSL: openssl-fips-1.0.2zj
* Target: guacamole-server-1.6.0
*Why this matters:* Many enterprise environments are restricted to
FIPS-validated OpenSSL versions. Understanding the minimum OpenSSL version
requirements helps administrators plan deployments and upgrades.
*Request:* Could the development team clarify:
# Whether 1.6.0 maintains OpenSSL 1.0.2 compatibility
# If not, what is the minimum supported OpenSSL version for 1.6.0
# Any official guidance on OpenSSL version requirements
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
