[openssh-commits] [openssh] branch master updated: Check for OPENSSL_NO_ENGINE for --with-ssl-engine.

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

The following commit(s) were added to refs/heads/master by this push:
     new 7235471fb Check for OPENSSL_NO_ENGINE for --with-ssl-engine.
7235471fb is described below

commit 7235471fb40705130d7f5816ec31ab562efc8cf9
Author: Darren Tucker <dtucker at dtucker.net>
AuthorDate: Sat Apr 25 20:00:38 2026 +1000

    Check for OPENSSL_NO_ENGINE for --with-ssl-engine.
    
    OpenSSL 4 removes support for ENGINE, but it provides no-op stubs
    for the ENGINE functions in addition to setting OPENSSL_NO_ENGINE.
    
    The presence of the stubs fooled the old configure test, so if someone
    tried --with-ssl-engine with OpenSSL 4.0.0 it'd try but fail at build
    time.  Explicitly check for OPENSSL_NO_ENGINE. before trying to enable
    ENGINE support.  bz#3952.
---
 configure.ac | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/configure.ac b/configure.ac
index a8e9df66b..dcb4c327e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3240,12 +3240,23 @@ if test "x$openssl" = "xyes" ; then
 	])
 
 	if test "x$openssl_engine" = "xyes" ; then
+		AC_CHECK_HEADERS([openssl/opensslconf.h openssl/configuration.h])
 		AC_MSG_CHECKING([for OpenSSL ENGINE support])
 		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+	#ifdef HAVE_OPENSSL_OPENSSLCONF_H
+	# include <openssl/opensslconf.h>
+	#endif
+	#ifdef HAVE_OPENSSL_CONFIGURATION_H
+	# include <openssl/configuration.h>
+	#endif
 	#include <openssl/engine.h>
 			]], [[
+				#ifndef OPENSSL_NO_ENGINE
 				ENGINE_load_builtin_engines();
 				ENGINE_register_all_complete();
+				#else
+				#error "OPENSSL_NO_ENGINE"
+				#endif
 			]])],
 			[ AC_MSG_RESULT([yes])
 			  AC_DEFINE([USE_OPENSSL_ENGINE], [1],

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.