openssl: use OPENSSL_init_ssl() with >= 1.1.0

Reported-by: Kovalkov Dmitrii and Per Nilsson Fixes #6254 Fixes #6256 Closes #6260
author: Daniel Stenberg <daniel@haxx.se> 2020-11-28 16:42:52 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2020-12-03 22:30:38 +0100
commit: 1835cb916e0d40eb8bc1165d5627a0b64f911bac (patch)
tree: fea1dab8a532ed0a1d657f8a1d2ee0a32b342128
parent: 6703eb2f4cd3cd0cf008e5103e2ec7aa85eabedc (diff)
download: curl-1835cb916e0d40eb8bc1165d5627a0b64f911bac.tar.gz
1 files changed, 15 insertions, 4 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 04bf0c15a..c905465a0 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1115,6 +1115,21 @@ static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
  */
 static int Curl_ossl_init(void)
 {
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) &&  \
+  !defined(LIBRESSL_VERSION_NUMBER)
+  const uint64_t flags =
+#ifdef OPENSSL_INIT_ENGINE_ALL_BUILTIN
+    /* not present in BoringSSL */
+    OPENSSL_INIT_ENGINE_ALL_BUILTIN |
+#endif
+#ifdef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
+    OPENSSL_INIT_NO_LOAD_CONFIG |
+#else
+    OPENSSL_INIT_LOAD_CONFIG |
+#endif
+    0;
+  OPENSSL_init_ssl(flags, NULL);
+#else
   OPENSSL_load_builtin_modules();
 
 #ifdef USE_OPENSSL_ENGINE
@@ -1133,10 +1148,6 @@ static int Curl_ossl_init(void)
                          CONF_MFLAGS_IGNORE_MISSING_FILE);
 #endif
 
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
-    !defined(LIBRESSL_VERSION_NUMBER)
-  /* OpenSSL 1.1.0+ takes care of initialization itself */
-#else
   /* Lets get nice error messages */
   SSL_load_error_strings();
author	Daniel Stenberg <daniel@haxx.se>	2020-11-28 16:42:52 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2020-12-03 22:30:38 +0100
commit	1835cb916e0d40eb8bc1165d5627a0b64f911bac (patch)
tree	fea1dab8a532ed0a1d657f8a1d2ee0a32b342128
parent	6703eb2f4cd3cd0cf008e5103e2ec7aa85eabedc (diff)
download	curl-1835cb916e0d40eb8bc1165d5627a0b64f911bac.tar.gz