From: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
Date: Mon, 15 Jul 2024 04:54:48 +0000 (+0200)
Subject: document provider dependency handling
X-Git-Tag: openssl-3.1.8~134
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d08954dda23194812b303a8e2cf4749fef871d3d;p=thirdparty%2Fopenssl.git

document provider dependency handling

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24884)

(cherry picked from commit e8498dc6455fc36f70dc3a0ca1ef82b34c088a90)
---

diff --git a/doc/man7/provider.pod b/doc/man7/provider.pod
index a061fc4709d..08ac1d02907 100644
--- a/doc/man7/provider.pod
+++ b/doc/man7/provider.pod
@@ -227,6 +227,18 @@ MODE is only present where applicable.
 Other aliases may exist for example where standards bodies or common practice
 use alternative names or names that OpenSSL has used historically.
 
+=head3 Provider dependencies
+
+Providers may depend for their proper operation on the availability of
+(functionality implemented in) other providers. As there is no mechanism to
+express such dependencies towards the OpenSSL core, provider authors must
+take care that such dependencies are either completely avoided or made visible
+to users, e.g., by documentation and/or defensive programming, e.g.,
+outputting error messages if required external dependencies are not available,
+e.g., when no provider implementing the required functionality has been
+activated. In particular, provider initialization should not depend on other
+providers already having been initialized.
+
 =head1 OPENSSL PROVIDERS
 
 OpenSSL provides a number of its own providers. These are the default, base,