From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 28 Nov 2020 15:42:52 +0000 (+0100)
Subject: openssl: use OPENSSL_init_ssl() with >= 1.1.0
X-Git-Tag: curl-7_74_0~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1835cb916e0d40eb8bc1165d5627a0b64f911bac;p=thirdparty%2Fcurl.git

openssl: use OPENSSL_init_ssl() with >= 1.1.0

Reported-by: Kovalkov Dmitrii and Per Nilsson
Fixes #6254
Fixes #6256
Closes #6260
---

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 04bf0c15a8..c905465a0c 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1115,6 +1115,21 @@ static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
  */
 static int Curl_ossl_init(void)
 {
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) &&  \
+  !defined(LIBRESSL_VERSION_NUMBER)
+  const uint64_t flags =
+#ifdef OPENSSL_INIT_ENGINE_ALL_BUILTIN
+    /* not present in BoringSSL */
+    OPENSSL_INIT_ENGINE_ALL_BUILTIN |
+#endif
+#ifdef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
+    OPENSSL_INIT_NO_LOAD_CONFIG |
+#else
+    OPENSSL_INIT_LOAD_CONFIG |
+#endif
+    0;
+  OPENSSL_init_ssl(flags, NULL);
+#else
   OPENSSL_load_builtin_modules();
 
 #ifdef USE_OPENSSL_ENGINE
@@ -1133,10 +1148,6 @@ static int Curl_ossl_init(void)
                          CONF_MFLAGS_IGNORE_MISSING_FILE);
 #endif
 
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
-    !defined(LIBRESSL_VERSION_NUMBER)
-  /* OpenSSL 1.1.0+ takes care of initialization itself */
-#else
   /* Lets get nice error messages */
   SSL_load_error_strings();