From 6684653b682bae0be75ea62bb473b126923952f1 Mon Sep 17 00:00:00 2001
From: Philipp Waehnert <philipp.waehnert@mgm-tp.com>
Date: Wed, 25 Jul 2018 11:00:15 +0200
Subject: configure: add option to disable automatic OpenSSL config loading

Sometimes it may be considered a security risk to load an external
OpenSSL configuration automatically inside curl_global_init(). The
configuration option --disable-ssl-auto-load-config disables this
automatism. The Windows build scripts winbuild/Makefile.vs provide a
corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean
value.

Setting neither of these options corresponds to the previous behavior
loading the external OpenSSL configuration automatically.

Fixes #2724
Closes #2791
---
 lib/vtls/openssl.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'lib/vtls')

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index ce890fe3c..d257d9490 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -994,9 +994,11 @@ static int Curl_ossl_init(void)
 #define CONF_MFLAGS_DEFAULT_SECTION 0x0
 #endif
 
+#ifndef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
   CONF_modules_load_file(NULL, NULL,
                          CONF_MFLAGS_DEFAULT_SECTION|
                          CONF_MFLAGS_IGNORE_MISSING_FILE);
+#endif
 
 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
     !defined(LIBRESSL_VERSION_NUMBER)
-- 
cgit v1.2.3