Comment 4 for bug 1771506

This is not just a testing issue, it means that xenapi will not able to talk to xen agent at runtime, with openssl 1.1.1 binary.

Since openssl binary is executed, it's a bit hard to determine if it failed or not. As it generates genuine errors and warning in stderr.

In this case the password derivation function has been deprecated in OpenSSL but it still works. I don't know what xen api agent can or cannot accept, thus I don't think it is safe to upgrade the openssl command to use stronger key derivation. Instead, we should whitelist the harmless warning and not treat it as an error.

I do not believe the string is translated in OpenSSL upstream.

Please see the attached path.

It would be copyright canonical, with OpenStack CLA signed. But i'm not sure when I will have time to submit this patch upstream properly.