openssl: use OPENSSL_init_ssl() with >= 1.1.0

Reported-by: Kovalkov Dmitrii and Per Nilsson Fixes #6254 Fixes #6256 Closes #6260
2024-11-05 09:05:04 -05:00 · 2020-11-28 16:42:52 +01:00 · 2020-11-28 16:42:52 +01:00 · 1835cb916e
commit 1835cb916e
parent 6703eb2f4c
1 changed files with 15 additions and 4 deletions
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@ -1115,6 +1115,21 @@ static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
 */
 static int Curl_ossl_init(void)
 {
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) &&  \
+  !defined(LIBRESSL_VERSION_NUMBER)
+  const uint64_t flags =
+#ifdef OPENSSL_INIT_ENGINE_ALL_BUILTIN
+    /* not present in BoringSSL */
+    OPENSSL_INIT_ENGINE_ALL_BUILTIN |
+#endif
+#ifdef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
+    OPENSSL_INIT_NO_LOAD_CONFIG |
+#else
+    OPENSSL_INIT_LOAD_CONFIG |
+#endif
+    0;
+  OPENSSL_init_ssl(flags, NULL);
+#else
  OPENSSL_load_builtin_modules();

 #ifdef USE_OPENSSL_ENGINE
@ -1133,10 +1148,6 @@ static int Curl_ossl_init(void)
                         CONF_MFLAGS_IGNORE_MISSING_FILE);
 #endif

-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
-    !defined(LIBRESSL_VERSION_NUMBER)
-  /* OpenSSL 1.1.0+ takes care of initialization itself */
-#else
  /* Lets get nice error messages */
  SSL_load_error_strings();