From: Bernd Edlinger Date: Sun, 15 Apr 2018 10:02:25 +0000 (+0200) Subject: Add a config option to disable automatic config loading X-Git-Tag: OpenSSL_1_1_1-pre6~114 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=dbabc862966b9afbcc55c59cc07ab643a14ffb31;p=oweals%2Fopenssl.git Add a config option to disable automatic config loading ./config no-autoload-config Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5959) --- diff --git a/Configure b/Configure index 99ab26f4a7..5703302f6c 100755 --- a/Configure +++ b/Configure @@ -325,6 +325,7 @@ my @disablables = ( "async", "autoalginit", "autoerrinit", + "autoload-config", "bf", "blake2", "camellia", @@ -426,7 +427,7 @@ my %deprecated_disablables = ( # All of the following are disabled by default: our %disabled = ( # "what" => "comment" - "asan" => "default", + "asan" => "default", "crypto-mdebug" => "default", "crypto-mdebug-backtrace" => "default", "devcryptoeng" => "default", diff --git a/INSTALL b/INSTALL index 71d6b8883f..c0163a9371 100644 --- a/INSTALL +++ b/INSTALL @@ -276,6 +276,10 @@ error strings. For a statically linked application this may be undesirable if small executable size is an objective. + no-autoload-config + Don't automatically load the default openssl.cnf file. + Typically OpenSSL will automatically load a system config + file which configures default ssl options. no-capieng Don't build the CAPI engine. This option will be forced if diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c index 607355681d..ed2bf845d4 100644 --- a/ssl/ssl_init.c +++ b/ssl/ssl_init.c @@ -195,7 +195,9 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings) } if (!OPENSSL_init_crypto(opts +#ifndef OPENSSL_NO_AUTOLOAD_CONFIG | OPENSSL_INIT_LOAD_CONFIG +#endif | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, settings)) diff --git a/test/ssl_test.c b/test/ssl_test.c index f2a18121bb..7453a9d10e 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c @@ -467,6 +467,11 @@ static int test_handshake(int idx) } } +#ifdef OPENSSL_NO_AUTOLOAD_CONFIG + if (!TEST_true(OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL))) + goto err; +#endif + if (!TEST_ptr(server_ctx) || !TEST_ptr(client_ctx) || !TEST_int_gt(CONF_modules_load(conf, test_app, 0), 0))