libssl: Properly load ciphers and digests with OpenSSL 3.0

Since https://github.com/openssl/openssl/commit/661595ca0933fe631faeadd14a189acd5d4185e0
we can no longer rely on the ciphers and digests required for TLS to
be loaded by `OPENSSL_init_ssl()`, so let's give up and load everything.
I hope you have a lot of RAM.

diff --git a/pdns/libssl.cc b/pdns/libssl.cc
index b8ae19423367e1155d896389024df64dd6b43597..0cd6c2eb52edb8a112b8077d02843eed4f5f212a 100644 (file)
--- a/pdns/libssl.cc
+++ b/pdns/libssl.cc
@@ -83,11 +83,19 @@ void registerOpenSSLUser()
 #ifdef HAVE_OPENSSL_INIT_CRYPTO
     /* load the default configuration file (or one specified via OPENSSL_CONF),
        which can then be used to load engines.
-       Do not load all ciphers and digests, we only need a few of them and these
+    */
+#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3
+    /* Since 661595ca0933fe631faeadd14a189acd5d4185e0 we can no longer rely on the ciphers and digests
+       required for TLS to be loaded by OPENSSL_init_ssl(), so let's give up and load everything */
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, nullptr);
+#else /* OPENSSL_VERSION_MAJOR >= 3 */
+    /* Do not load all ciphers and digests, we only need a few of them and these
        will be loaded by OPENSSL_init_ssl(). */
     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG|OPENSSL_INIT_NO_ADD_ALL_CIPHERS|OPENSSL_INIT_NO_ADD_ALL_DIGESTS, nullptr);
+#endif /* OPENSSL_VERSION_MAJOR >= 3 */
+
     OPENSSL_init_ssl(0, nullptr);
-#endif
+#endif /* HAVE_OPENSSL_INIT_CRYPTO */
 
 #if (OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER < 0x2090100fL))
     /* load error strings for both libcrypto and libssl */