Applied the patch + #ifdefs to build against either openssl 1.1 or 3.0 (using the now deprecated APIs).
make test-release passes when I try it on both Ubuntu 20.04 and 22.04. I was able to successfully build and install a private release of IoT Edge on 22.04 using this change and then subsequently run a basic workload (no need to install openssl 1.1 as a workaround).
The code to load the default provider in identityd was necessary to avoid the error mentioned here. I originally had, but then removed, the provider load on certd and didn't see any adverse impact in my manual E2E test with a device provisioned using X.509 certs and running a basic workload. In the discussion someone mentioned they had TPM provisioning working without the need for it. So, I also didn't bother with tpmd.
Note: Building the key/aziot-key-openssl-engine-shared/build/engine.c on 22.04 will fail in the linker if it's done within the normal Debian packaging process (i.e. using dpkg-buildpackage). The workaround introduced with this PR is to instead build the bits first before the normal packaging.