Hello Fedora Packaging Committee,

I took the package review request for wolfssl a few days ago; I did not investigate crypto policies further and approved it. rpmlint reported the following warning for the wolfssl package, and the issue was also raised by @decathorpe:

wolfssl.x86_64: W: crypto-policy-non-compliance-openssl /usr/lib64/libwolfssl.so.42.1.0 SSL_CTX_set_cipher_list
cc @kni
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2302646
[2] https://github.com/wolfSSL/wolfssl
> The rpmlint reported wolfssl.x86_64: W: crypto-policy-non-compliance-openssl /usr/lib64/libwolfssl.so.42.1.0 SSL_CTX_set_cipher_list with wolfssl package, as the issue was also raised by @decathorpe.
This is indicative of the problem, but the actual underlying problem is that wolfssl has no code for dealing with system-wide crypto policies at all.
See also https://pagure.io/fesco/issue/3267

Yes, it is. I created an issue upstream: https://github.com/wolfSSL/wolfssl/issues/7941
Just for clarification, wolfssl calls wolfSSL_CTX_set_cipher_list, rather than SSL_CTX_set_cipher_list, as can be seen from the source code:
~/git/wolfssl/wolfssl$ grep -r SSL_CTX_set_cipher_list ./
./openssl/ssl.h:#define SSL_CTX_set_cipher_list wolfSSL_CTX_set_cipher_list
./openssl/ssl.h:#define SSL_CTX_set_ciphersuites wolfSSL_CTX_set_cipher_list
./ssl.h:WOLFSSL_API int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list);
./ssl.h:WOLFSSL_API int wolfSSL_CTX_set_cipher_list_bytes(WOLFSSL_CTX* ctx, const byte* list, const int listSz);
Agreed, there is still the underlying issue of setting system-wide policies.