More detailed explanation how do engines work in 3.0

author Dmitry Belyavskiy <beldmit@gmail.com>

Tue, 23 Nov 2021 14:18:52 +0000 (15:18 +0100)

committer Dmitry Belyavskiy <beldmit@gmail.com>

Tue, 30 Nov 2021 08:42:04 +0000 (09:42 +0100)
author Dmitry Belyavskiy <beldmit@gmail.com>
Tue, 23 Nov 2021 14:18:52 +0000 (15:18 +0100)
committer Dmitry Belyavskiy <beldmit@gmail.com>
Tue, 30 Nov 2021 08:42:04 +0000 (09:42 +0100)
diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod

index 627173f180b0af84787c49852bd1326163312234..67e102fa4c181cb0aa769971df11189a22486fa6 100644 (file)
--- a/doc/man7/migration_guide.pod
+++ b/doc/man7/migration_guide.pod
@@ -121,6 +121,21 @@ FIPS module, as detailed below. Authors and maintainers of external engines are
  strongly encouraged to refactor their code transforming engines into providers
  using the new Provider API and avoiding deprecated methods.
  
+=head3 Support of legacy engines
+
+If openssl is not built without engine support or deprecated API support, engines
+will still work. However, their applicability will be limited.
+
+New algorithms provided via engines will still work.
+
+Engine-backed keys can be loaded via custom B<OSSL_STORE> implementation.
+In this case the B<EVP_PKEY> objects created via L<ENGINE_load_private_key(3)>
+will be concidered legacy and will continue to work.
+
+To ensure the future compatibility, the engines should be turned to providers.
+To prefer the provider-based hardware offload, you can specify the default
+properties to prefer your provider.
+
  =head3 Versioning Scheme
  
  The OpenSSL versioning scheme has changed with the OpenSSL 3.0 release. The new
author	Dmitry Belyavskiy <beldmit@gmail.com>
	Tue, 23 Nov 2021 14:18:52 +0000 (15:18 +0100)
committer	Dmitry Belyavskiy <beldmit@gmail.com>
	Tue, 30 Nov 2021 08:42:04 +0000 (09:42 +0100)