configure: add option to disable automatic OpenSSL config loading

Sometimes it may be considered a security risk to load an external OpenSSL configuration automatically inside curl_global_init(). The configuration option --disable-ssl-auto-load-config disables this automatism. The Windows build scripts winbuild/Makefile.vs provide a corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean value. Setting neither of these options corresponds to the previous behavior loading the external OpenSSL configuration automatically. Fixes #2724 Closes #2791
author: Philipp Waehnert <philipp.waehnert@mgm-tp.com> 2018-07-25 11:00:15 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2018-09-07 09:38:33 +0200
commit: 6684653b682bae0be75ea62bb473b126923952f1 (patch)
tree: 3e5749139cd2cdaba658fbd530473c51beffe197 /lib
parent: c515294cec6ee9b72d68e6f13dc1972bcf3fed30 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index ce890fe3c..d257d9490 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -994,9 +994,11 @@ static int Curl_ossl_init(void)
 #define CONF_MFLAGS_DEFAULT_SECTION 0x0
 #endif
 
+#ifndef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
   CONF_modules_load_file(NULL, NULL,
                          CONF_MFLAGS_DEFAULT_SECTION|
                          CONF_MFLAGS_IGNORE_MISSING_FILE);
+#endif
 
 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
     !defined(LIBRESSL_VERSION_NUMBER)
author	Philipp Waehnert <philipp.waehnert@mgm-tp.com>	2018-07-25 11:00:15 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2018-09-07 09:38:33 +0200
commit	6684653b682bae0be75ea62bb473b126923952f1 (patch)
tree	3e5749139cd2cdaba658fbd530473c51beffe197 /lib
parent	c515294cec6ee9b72d68e6f13dc1972bcf3fed30 (diff)