Add a config option to disable automatic config loading

./config no-autoload-config

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5959)

diff --git a/Configure b/Configure
index 99ab26f4a727d34d7028786d7a26bd5ddf53491c..5703302f6cc810426cc927bc718277d661636b56 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -325,6 +325,7 @@ my @disablables = (
     "async",
     "autoalginit",
     "autoerrinit",
     "async",
     "autoalginit",
     "autoerrinit",

+    "autoload-config",

     "bf",
     "blake2",
     "camellia",
     "bf",
     "blake2",
     "camellia",


@@ -426,7 +427,7 @@ my %deprecated_disablables = (
 # All of the following are disabled by default:
 
 our %disabled = ( # "what"         => "comment"
 # All of the following are disabled by default:
 
 our %disabled = ( # "what"         => "comment"

-                  "asan"               => "default",
+                 "asan"                => "default",

                  "crypto-mdebug"       => "default",
                  "crypto-mdebug-backtrace" => "default",
                  "devcryptoeng"        => "default",
                  "crypto-mdebug"       => "default",
                  "crypto-mdebug-backtrace" => "default",
                  "devcryptoeng"        => "default",

diff --git a/INSTALL b/INSTALL
index 71d6b8883fb20f0d7483944a82b9ebd812b0fa5a..c0163a9371daf9cd7a4ba052381fcc51f5732d26 100644 (file)
--- a/INSTALL
+++ b/INSTALL
@@ -276,6 +276,10 @@
                    error strings. For a statically linked application this may
                    be undesirable if small executable size is an objective.
 
                    error strings. For a statically linked application this may
                    be undesirable if small executable size is an objective.
 

+  no-autoload-config
+                   Don't automatically load the default openssl.cnf file.
+                   Typically OpenSSL will automatically load a system config
+                   file which configures default ssl options.

 
   no-capieng
                    Don't build the CAPI engine. This option will be forced if
 
   no-capieng
                    Don't build the CAPI engine. This option will be forced if

diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c
index 607355681d12d732d0b6d4aa9f8e640a24c121b0..ed2bf845d40939878542a37f51420a487d7bca35 100644 (file)
--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
@@ -195,7 +195,9 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
     }
 
     if (!OPENSSL_init_crypto(opts
     }
 
     if (!OPENSSL_init_crypto(opts

+#ifndef OPENSSL_NO_AUTOLOAD_CONFIG

                              | OPENSSL_INIT_LOAD_CONFIG
                              | OPENSSL_INIT_LOAD_CONFIG

+#endif

                              | OPENSSL_INIT_ADD_ALL_CIPHERS
                              | OPENSSL_INIT_ADD_ALL_DIGESTS,
                              settings))
                              | OPENSSL_INIT_ADD_ALL_CIPHERS
                              | OPENSSL_INIT_ADD_ALL_DIGESTS,
                              settings))

diff --git a/test/ssl_test.c b/test/ssl_test.c
index f2a18121bbb87d4ea8c16bf0b0680358dee0bbb5..7453a9d10e1eca3449870d44511de95b9f15f6a5 100644 (file)
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -467,6 +467,11 @@ static int test_handshake(int idx)
         }
     }
 
         }
     }
 

+#ifdef OPENSSL_NO_AUTOLOAD_CONFIG
+    if (!TEST_true(OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL)))
+        goto err;
+#endif
+

     if (!TEST_ptr(server_ctx)
             || !TEST_ptr(client_ctx)
             || !TEST_int_gt(CONF_modules_load(conf, test_app, 0),  0))
     if (!TEST_ptr(server_ctx)
             || !TEST_ptr(client_ctx)
             || !TEST_int_gt(CONF_modules_load(conf, test_app, 0),  0))