lib-ssl-iostream: Fix OpenSSL 3.0 provider/engine preference logic
authorFred Morcos <fred.morcos@open-xchange.com>
Thu, 8 May 2025 16:53:06 +0000 (18:53 +0200)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Tue, 13 May 2025 08:59:22 +0000 (08:59 +0000)
m4/ssl.m4
src/lib-ssl-iostream/dovecot-openssl-common.c

index 169d3d260d3e900d1d36bef70559644d49bb7ae1..02487955008d4505e2743fd635ec02f6ea873783 100644 (file)
--- a/m4/ssl.m4
+++ b/m4/ssl.m4
@@ -99,6 +99,7 @@ AC_DEFUN([DOVECOT_SSL], [
   DOVECOT_CHECK_SSL_FUNC([ERR_get_error_all])
   DOVECOT_CHECK_SSL_FUNC([EVP_MAC_CTX_new])
   DOVECOT_CHECK_SSL_FUNC([OSSL_PROVIDER_try_load])
+  DOVECOT_CHECK_SSL_FUNC([ENGINE_by_id])
   DOVECOT_CHECK_SSL_FUNC([SSL_CTX_set_tmp_dh_callback])
   DOVECOT_CHECK_SSL_FUNC([SSL_CTX_set_current_cert])
   DOVECOT_CHECK_SSL_FUNC([SSL_CTX_set0_tmp_dh_pkey])
index 0c7220d7166f7fa8581337dab0ce909b2adee05d..389234ae43ed33516af29880d30b9ccf49c834da 100644 (file)
@@ -107,7 +107,14 @@ int dovecot_openssl_common_global_set_engine(const char *engine,
        if (dovecot_openssl_engine != NULL)
                return 1;
 
-#ifdef HAVE_ENGINE_by_id
+#ifdef HAVE_OSSL_PROVIDER_try_load
+       if ((dovecot_openssl_engine = OSSL_PROVIDER_try_load(NULL, engine, 1)) == NULL) {
+               *error_r = t_strdup_printf("Cannot load '%s': %s", engine,
+                                          openssl_iostream_error());
+               return 0;
+       }
+       return 1;
+#elif defined(HAVE_ENGINE_by_id)
        ENGINE_load_builtin_engines();
        dovecot_openssl_engine = ENGINE_by_id(engine);
        if (dovecot_openssl_engine == NULL) {
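Review bot: With `HAVE_OSSL_PROVIDER_try_load` now tested first, a build that defines both macros stores an `OSSL_PROVIDER *` in `dovecot_openssl_engine`. The declaration and teardown of that variable are outside this hunk, so they need the same `#ifdef` precedence; otherwise a provider handle could reach the ENGINE release calls. The m4 hunk appears to make that dual-defined build possible by adding the `ENGINE_by_id` check. The new order also means a configured name that exists only as an ENGINE id now fails with "Cannot load" and returns 0 without ever trying `ENGINE_by_id()`. If that is intended, document it above the branch, e.g. `/* Providers win when both APIs exist: the name is a provider name, not an ENGINE id, and there is no ENGINE fallback. */`.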
@@ -126,13 +133,6 @@ int dovecot_openssl_common_global_set_engine(const char *engine,
                dovecot_openssl_engine = NULL;
                return -1;
        }
-#elif defined(HAVE_OSSL_PROVIDER_try_load)
-       if ((dovecot_openssl_engine = OSSL_PROVIDER_try_load(NULL, engine, 1)) == NULL) {
-               *error_r = t_strdup_printf("Cannot load '%s': %s", engine,
-                                          openssl_iostream_error());
-               return 0;
-       }
-       return 1;
 #else
        *error_r = t_strdup_printf("Cannot load '%s': No engine/provider support available", engine);
 #endif