git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
MEDIUM: ssl: initialize the SSL stack explicitly
author William Lallemand <wlallemand@haproxy.com>
Tue, 12 Mar 2024 11:03:07 +0000 (12:03 +0100)
committer William Lallemand <wlallemand@haproxy.com>
Tue, 12 Mar 2024 11:03:07 +0000 (12:03 +0100)
In issue #2448, users are complaining that FIPS is not working correctly
since the removal of SSL_library_init().

This was removed because SSL_library_init() is deprecated with OpenSSL
3.x and emits a warning. But the initialization was not needed anymore
because it is done at the first openssl API call.

However in some cases it is needed. SSL_library_init() is now a define
to OPENSSL_init_ssl(0, NULL). This patch adds OPENSSL_init_ssl(0, NULL)
to the init.

This could be backported in every stable branch, however let's wait
before backporting it.

src/ssl_sock.c

index 307f18945a41f15b507599eebb4662798c5a6788..bd2031c73871da5fde85329dd84938fc5a59b977 100644 (file)
@@ -7490,6 +7490,8 @@ static void __ssl_sock_init(void)
        xprt_register(XPRT_SSL, &ssl_sock);
 #if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
        SSL_library_init();
+#elif HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
+       OPENSSL_init_ssl(0, NULL);
 #endif
 #if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
        cm = SSL_COMP_get_compression_methods();
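Review bot: The added `#elif HA_OPENSSL_VERSION_NUMBER >= 0x10100000L` is the exact complement of the `#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L` above it, so a plain `#else` would say the same thing and keep the two conditions from drifting apart in a later edit. The return value of `OPENSSL_init_ssl(0, NULL)` is also discarded; the call returns 1 on success and 0 on error, and since the commit message ties this call to FIPS working correctly, a failed initialization should at least be reported at startup instead of passing silently. A short comment next to the call referencing issue #2448 would explain why an initialization that the library otherwise performs on first API use is done explicitly here.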