codership / galera

Synchronous multi-master replication library
GNU General Public License v2.0

OpenSSL engine functionality is deprecated from Fedora 41, removed entirely from RHEL 10 #663

Open FaramosCZ opened 3 months ago

FaramosCZ commented 3 months ago

In RHEL 10, the OpenSSL 'engine' functionality is removed. In Fedora, it is just deprecated (for now), and steps are taken to minimize the number of packages using it.

In practice, in RHEL 10, the "openssl/engine.h" is not available and the 'openssl-devel' package provides the 'OPENSSL_NO_ENGINE' directive. In Fedora, the "openssl/engine.h" is moved to a new sub-package 'openssl-devel-engine', which also provides the 'OPENSSL_NO_ENGINE' directive.

Galera has two places that use the include - one for the Galera code, the second for the Galera tests. While the Galera code include is properly conditionalized:

#if !defined(OPENSSL_NO_ENGINE)
# include <openssl/engine.h>
#endif // !defined(OPENSSL_NO_ENGINE)

and the Galera itself can be built without the OpenSSL engine support, the 'galerautils' tests can't be built without it.

I disabled the build of the 'galerautils' tests in RHEL 10 as a workaround for now (https://gitlab.com/redhat/centos-stream/rpms/galera/-/commit/09732b28cb0aea7bc8dc75c13da3f506ba413f0a); however, I would like to ask you to remove the OpenSSL engine functionality for them properly.
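An added example, not part of the original thread or the Galera code base: a small scanner that reports `#include <openssl/engine.h>` lines that would still be compiled when `OPENSSL_NO_ENGINE` is defined, which is the difference between the two include sites described above. The function names are hypothetical, the sample sources are constructed, and the scanner assumes single-line preprocessor directives (no line continuations or multi-line comments).

```python
# Added example (not Galera code); function names are hypothetical.
import re

GUARD = "OPENSSL_NO_ENGINE"
DIRECTIVE = re.compile(r"^\s*#\s*(ifdef|ifndef|if|elif|else|endif|include)\b(.*)$")
ENGINE_H = re.compile(r'^\s*[<"]openssl/engine\.h[>"]')
NEGATED = re.compile(r"^!\s*defined\s*\(?\s*%s\s*\)?$" % GUARD)
POSITIVE = re.compile(r"^defined\s*\(?\s*%s\s*\)?$" % GUARD)

def _classify(kind, expr):
    """Return [branch_guarded, else_guarded] for an opening conditional."""
    expr = re.sub(r"//.*|/\*.*?\*/", "", expr).strip()
    if (kind == "ifndef" and expr == GUARD) or (kind == "if" and NEGATED.match(expr)):
        return [True, False]
    if (kind == "ifdef" and expr == GUARD) or (kind == "if" and POSITIVE.match(expr)):
        return [False, True]
    return [False, False]  # unrelated condition: gives no protection

def unguarded_engine_includes(source):
    """1-based line numbers of engine.h includes compiled even with the guard set."""
    stack, hits = [], []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        kind, rest = m.groups()
        if kind in ("if", "ifdef", "ifndef"):
            stack.append(_classify(kind, rest))
        elif kind == "elif" and stack:
            stack[-1] = [False, False]  # conservative: #elif chains count as unguarded
        elif kind == "else" and stack:
            stack[-1] = [stack[-1][1], False]  # #else of "#ifdef GUARD" is guarded
        elif kind == "endif" and stack:
            stack.pop()
        elif kind == "include" and ENGINE_H.match(rest) and not any(f[0] for f in stack):
            hits.append(lineno)
    return hits

# Constructed samples modelled on the two include forms quoted in the thread.
GUARDED = ("#if !defined(OPENSSL_NO_ENGINE)\n"
           "# include <openssl/engine.h>\n"
           "#endif // !defined(OPENSSL_NO_ENGINE)\n")
UNGUARDED = ("#include <openssl/bn.h>\n#include <openssl/conf.h>\n"
             "#include <openssl/engine.h>\n#include <openssl/pem.h>\n")
INVERTED = ("#ifdef OPENSSL_NO_ENGINE\n#else\n#include <openssl/engine.h>\n"
            "#endif\n#include <openssl/engine.h>\n")

if __name__ == "__main__":
    for text in (GUARDED, UNGUARDED, INVERTED):
        print(unguarded_engine_includes(text))
```

Running it over each source file's text before building on a platform without the engine header points at the includes that will break the build.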

temeo commented 2 months ago

It appears that the openssl/engine.h is not needed for unit test compilation at all; it must be some leftover. The unit test compilation without the engine header passed on all platforms RHEL 7-9 with the following patch:

diff --git a/galerautils/tests/gu_asio_test.cpp b/galerautils/tests/gu_asio_test.cpp
index 276cea7b..76ab99ca 100644
--- a/galerautils/tests/gu_asio_test.cpp
+++ b/galerautils/tests/gu_asio_test.cpp
@@ -1059,7 +1059,7 @@ END_TEST

 #include <openssl/bn.h>
 #include <openssl/conf.h>
-#include <openssl/engine.h>
+#include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/ssl.h>
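
Review bot: The `-#include <openssl/engine.h>` / `+#include <openssl/err.h>` pair is a swap rather than a plain removal, which suggests the test code after this include block uses declarations from `openssl/err.h` that it was previously getting only through `engine.h`; please state that in the commit message so the new include is not later taken for a leftover as well. The build result quoted with the patch covers RHEL 7-9, so it is worth confirming that the file also compiles where the header is absent and `OPENSSL_NO_ENGINE` is defined (RHEL 10, or Fedora without 'openssl-devel-engine'), and that no `ENGINE_` call remains in `gu_asio_test.cpp`.
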
FaramosCZ commented 2 months ago

Perfect!

Would you mind merging this fix you proposed into the codebase?

temeo commented 2 months ago

I will get this included in the next release.