Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

Sync from "Extern...

XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Undefined
Fix Version/s: rhel-10.1
Affects Version/s: None
Component/s: ipa
Labels:
- commit
- fixed_upstream

Fixed in Build:
ipa-4.12.2-19.el10
Severity:
Important
Epic Link:
FREEIPA-11981

Pool Team:

rhel-sst-idm-ipa
AssignedTeam:
rhel-sst-idm-ipa
Sub-System Group:

ssg_idm

Dev Target Milestone:
12
Internal Target Milestone:
18
Story Points:
3
ACKs Check:

QE ack, Dev ack
Target Version:

rhel-10.1
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Sprint:
None

Preliminary Testing:
Fail
Test Coverage:

Automated

Release Note Type:
Unspecified Release Note Type - Unknown
ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Goal

For RHEL 10+ we have to use OpenSSL provider API as OpenSSL engine API is deprecated. This concerns BIND loading of the SoftHSM token holding DNSSEC keys

Acceptance criteria

A list of verification conditions, successful functional tests, or expected outcomes in order to declare this story/task successfully completed.

Use OpenSSL provider with BIND for RHEL10.1
DNS: detect when OpenSSL engine should be removed on upgrade
ipa-dnskeysyncd: use systemd-tmpfiles to handle tokens
update BIND-related dependencies
Make IPAAbstractVersion available to all platforms

Assignee:: Alexander Bokovoy

Reporter:: Francisco Trivino Garcia

Developer:: Florence Renaud

QA Contact:: Sudhir Menon

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2025/05/07 9:53 AM

Updated:: 2025/06/12 9:31 AM

Stale Date:: 2026/05/26

Dev Target end:: 2025/05/19

Target end:: 2025/06/30

	
		OSZAR »