From 7bdced89f206a0cc181229fdcf3b9728c0593540 Mon Sep 17 00:00:00 2001
From: Packit Service <user-cont-team+packit-service@redhat.com>
Date: Dec 09 2020 17:48:27 +0000
Subject: Apply patch bz1688892-fix-openssl-init-genhash.patch


patch_name: bz1688892-fix-openssl-init-genhash.patch
present_in_specfile: true

---

diff --git a/configure.ac b/configure.ac
index 504b9b9..c964a11 100644
--- a/configure.ac
+++ b/configure.ac
@@ -813,16 +813,14 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
 # SSL_CTX_set_verify_depth() introduced OpenSSL v0.9.5a
 AC_CHECK_FUNCS([SSL_CTX_set_verify_depth])
 
-# SSL_set0_rbio(), SSL_set0_wbio() and OPENSSL_init_crypto() introduced OpenSSL v1.1.0
-AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto])
-
-# TLS_method() introduced OpenSSL v1.1.0
-AC_CHECK_FUNCS([TLS_method])
+# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0
+AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto TLS_method])
 
 # In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with
 # OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b.
-AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method = .yes],
+AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes],
       [
+        AS_IF([test .$ac_cv_func_TLS_method = .yes], [method_func=TLS_method], [method_func=SSLv23_method])
 	AC_RUN_IFELSE(
 	  [AC_LANG_PROGRAM(
 	    [[#include <openssl/ssl.h>]],
@@ -834,7 +832,7 @@ AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method =
 		return 1;
 
 	      /* Initialize SSL context */
-	      meth = TLS_method();
+	      meth = $method_func();
 	      if (!(ctx = SSL_CTX_new(meth)))
 		return 1;
 	      return 0;
diff --git a/genhash/ssl.c b/genhash/ssl.c
index 8e9162c..96f5120 100644
--- a/genhash/ssl.c
+++ b/genhash/ssl.c
@@ -45,8 +45,14 @@ init_ssl(void)
 {
 	/* Library initialization */
 #if HAVE_OPENSSL_INIT_CRYPTO
+#ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG
+	/* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails.
+	 * It works in v1.1.0h and v1.1.1b.
+	 * It transpires that it works without setting NO_LOAD_CONFIG, but it is
+	 * presumably more efficient not to load it. */
 	if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL))
 		fprintf(stderr, "OPENSSL_init_crypto failed\n");
+#endif
 #else
 	SSL_library_init();
 	SSL_load_error_strings();