# else
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
| OPENSSL_INIT_ADD_ALL_DIGESTS
- | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS
+# if defined(OPENSSL_INIT_NO_LOAD_CONFIG) && defined(UB_ON_WINDOWS)
+ | OPENSSL_INIT_NO_LOAD_CONFIG
+# endif
+ , NULL);
# endif
# if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
/* grab the COMP method ptr because openssl leaks it */
# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
# else
- (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+ (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
+# if defined(OPENSSL_INIT_NO_LOAD_CONFIG) && defined(UB_ON_WINDOWS)
+ | OPENSSL_INIT_NO_LOAD_CONFIG
+# endif
+ , NULL);
# endif
# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
if(!ub_openssl_lock_init())
#else
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
| OPENSSL_INIT_ADD_ALL_DIGESTS
- | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS
+# if defined(OPENSSL_INIT_NO_LOAD_CONFIG) && defined(UB_ON_WINDOWS)
+ | OPENSSL_INIT_NO_LOAD_CONFIG
+# endif
+ , NULL);
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
#else
- (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+ (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
+# if defined(OPENSSL_INIT_NO_LOAD_CONFIG) && defined(UB_ON_WINDOWS)
+ | OPENSSL_INIT_NO_LOAD_CONFIG
+# endif
+ , NULL);
#endif
#endif /* HAVE_SSL */
}
+4 February 2026: Wouter
+ - Fix local privilege escalation on Windows. Thanks to Hao Huang
+ for the report. The OpenSSL init calls are set to not load
+ the openssl.cnf file when compiled for Windows.
+
3 February 2026: Yorgos
- Eagerly remove .skip mark files in between mini_tdir.sh runs in case
there has been a change on the environment.
#else
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
| OPENSSL_INIT_ADD_ALL_DIGESTS
- | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS
+# if defined(OPENSSL_INIT_NO_LOAD_CONFIG) && defined(UB_ON_WINDOWS)
+ | OPENSSL_INIT_NO_LOAD_CONFIG
+# endif
+ , NULL);
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
#else
- (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+ (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
+# if defined(OPENSSL_INIT_NO_LOAD_CONFIG) && defined(UB_ON_WINDOWS)
+ | OPENSSL_INIT_NO_LOAD_CONFIG
+# endif
+ , NULL);
#endif
if(dolist) do_list_builtin();
#else
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
| OPENSSL_INIT_ADD_ALL_DIGESTS
- | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS
+# if defined(OPENSSL_INIT_NO_LOAD_CONFIG) && defined(UB_ON_WINDOWS)
+ | OPENSSL_INIT_NO_LOAD_CONFIG
+# endif
+ , NULL);
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
#else
- (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+ (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
+# if defined(OPENSSL_INIT_NO_LOAD_CONFIG) && defined(UB_ON_WINDOWS)
+ | OPENSSL_INIT_NO_LOAD_CONFIG
+# endif
+ , NULL);
#endif
if(!RAND_status()) {
#else
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
| OPENSSL_INIT_ADD_ALL_DIGESTS
- | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS
+# if defined(OPENSSL_INIT_NO_LOAD_CONFIG) && defined(UB_ON_WINDOWS)
+ | OPENSSL_INIT_NO_LOAD_CONFIG
+# endif
+ , NULL);
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
#else
- (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+ (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
+# if defined(OPENSSL_INIT_NO_LOAD_CONFIG) && defined(UB_ON_WINDOWS)
+ | OPENSSL_INIT_NO_LOAD_CONFIG
+# endif
+ , NULL);
#endif
#endif /* HAVE_SSL */
#ifdef HAVE_NSS
#else
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
| OPENSSL_INIT_ADD_ALL_DIGESTS
- | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS
+# if defined(OPENSSL_INIT_NO_LOAD_CONFIG) && defined(UB_ON_WINDOWS)
+ | OPENSSL_INIT_NO_LOAD_CONFIG
+# endif
+ , NULL);
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
#else
- (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+ (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
+# if defined(OPENSSL_INIT_NO_LOAD_CONFIG) && defined(UB_ON_WINDOWS)
+ | OPENSSL_INIT_NO_LOAD_CONFIG
+# endif
+ , NULL);
#endif
#endif /* HAVE_SSL */
#else
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
| OPENSSL_INIT_ADD_ALL_DIGESTS
- | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS
+# if defined(OPENSSL_INIT_NO_LOAD_CONFIG) && defined(UB_ON_WINDOWS)
+ | OPENSSL_INIT_NO_LOAD_CONFIG
+# endif
+ , NULL);
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
#else
- (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+ (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
+# if defined(OPENSSL_INIT_NO_LOAD_CONFIG) && defined(UB_ON_WINDOWS)
+ | OPENSSL_INIT_NO_LOAD_CONFIG
+# endif
+ , NULL);
#endif
}
run(h2_session, port, no_tls, argc, argv);
#else
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
| OPENSSL_INIT_ADD_ALL_DIGESTS
- | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS
+# if defined(OPENSSL_INIT_NO_LOAD_CONFIG) && defined(UB_ON_WINDOWS)
+ | OPENSSL_INIT_NO_LOAD_CONFIG
+# endif
+ , NULL);
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
#else
- (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+ (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
+# if defined(OPENSSL_INIT_NO_LOAD_CONFIG) && defined(UB_ON_WINDOWS)
+ | OPENSSL_INIT_NO_LOAD_CONFIG
+# endif
+ , NULL);
#endif
do_service(addr, port, key, cert);
#else
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
| OPENSSL_INIT_ADD_ALL_DIGESTS
- | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS
+# if defined(OPENSSL_INIT_NO_LOAD_CONFIG) && defined(UB_ON_WINDOWS)
+ | OPENSSL_INIT_NO_LOAD_CONFIG
+# endif
+ , NULL);
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
#else
- (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+ (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
+# if defined(OPENSSL_INIT_NO_LOAD_CONFIG) && defined(UB_ON_WINDOWS)
+ | OPENSSL_INIT_NO_LOAD_CONFIG
+# endif
+ , NULL);
#endif
}
send_em(svr, pp2_client, udp, usessl, noanswer, onarrival, delay, argc, argv);
projects / thirdparty / unbound.git / commitdiff
