MEDIUM: ssl: initialize the SSL stack explicitly
In issue #2448, users are complaining that FIPS is not working correctly
since the removal of SSL_library_init().
This was removed because SSL_library_init() is deprecated with OpenSSL
3.x and emits a warning. But the initialization was not needed anymore
because it is done at the first openssl API call.
However in some cases it is needed. SSL_library_init() is now a define
to OPENSSL_init_ssl(0, NULL). This patch adds OPENSSL_init_ssl(0, NULL)
to the init.
This could be backported in every stable branch, however let's wait
before backporting it.
(cherry picked from commit 7e9e4a8f501191044bf37341b6b5df68219e9e1c)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit a93432de6645e5fb365993c846229863cb048e9c)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index d1e1335..51dfd82 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -7590,6 +7590,8 @@
xprt_register(XPRT_SSL, &ssl_sock);
#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_library_init();
+#elif HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
+ OPENSSL_init_ssl(0, NULL);
#endif
#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
cm = SSL_COMP_get_compression_methods();
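Review bot: The return value of `OPENSSL_init_ssl(0, NULL)` on the added line is discarded. The function returns 1 on success and 0 on error, and since the commit message ties this call to FIPS working correctly, a failed initialization should be reported at startup instead of passing silently; suggest checking the result and emitting an alert from this init path when it is 0. Separately, `#elif HA_OPENSSL_VERSION_NUMBER >= 0x10100000L` is the exact complement of the preceding `#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L`, so a plain `#else` would express the same thing with one less condition to keep in sync. A one-line comment next to the call pointing at issue #2448 would also help, since the earlier removal of `SSL_library_init()` shows how easily an apparently redundant init call gets dropped again.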