From 04bcc9fe35ef3e9bdeab7bdf800b1d08a55b12b9 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@rspamd.com>
Date: Tue, 15 Oct 2024 16:19:09 +0100
Subject: [PATCH] [Minor] Use OSSL_PROVIDER_load on RHEL based distros

---
 config.h.in              |  1 +
 rpm/rspamd.spec          |  1 +
 src/libserver/ssl_util.c | 12 +++++++++---
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/config.h.in b/config.h.in
index 9aff90783..0ed2cd6b2 100644
--- a/config.h.in
+++ b/config.h.in
@@ -116,6 +116,7 @@
 #cmakedefine WITH_FASTTEXT       1
 #cmakedefine BACKWARD_ENABLE     1
 #cmakedefine HAVE_BUILTIN_CPU_SUPPORTS 1
+#cmakedefine RSPAMD_LEGACY_SSL_PROVIDER 1
 
 #cmakedefine DISABLE_PTHREAD_MUTEX 1
 
diff --git a/rpm/rspamd.spec b/rpm/rspamd.spec
index 0727d2430..663fa0929 100644
--- a/rpm/rspamd.spec
+++ b/rpm/rspamd.spec
@@ -137,6 +137,7 @@ rm -f %{_builddir}/luajit-build/lib/*.so || true
         -DWANT_SYSTEMD_UNITS=ON \
         -DNO_SHARED=ON \
         -DNO_TARGET_VERSIONS=1 \
+        -DRSPAMD_LEGACY_SSL_PROVIDER=1 \
 %ifarch x86_64 amd64 arm64 aarch64
         -DENABLE_HYPERSCAN=ON \
 %endif
diff --git a/src/libserver/ssl_util.c b/src/libserver/ssl_util.c
index b739961a8..b97e2a498 100644
--- a/src/libserver/ssl_util.c
+++ b/src/libserver/ssl_util.c
@@ -1,11 +1,11 @@
-/*-
- * Copyright 2016 Vsevolod Stakhov
+/*
+ * Copyright 2024 Vsevolod Stakhov
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *    http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -1054,6 +1054,9 @@ gpointer rspamd_init_ssl_ctx_noverify(void)
 
 	return ssl_ctx_noverify;
 }
+#if defined(RSPAMD_LEGACY_SSL_PROVIDER) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+#endif
 
 void rspamd_openssl_maybe_init(void)
 {
@@ -1075,6 +1078,9 @@ void rspamd_openssl_maybe_init(void)
 #else
 		OPENSSL_init_ssl(0, NULL);
 #endif
+#if defined(RSPAMD_LEGACY_SSL_PROVIDER) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+		(void) OSSL_PROVIDER_load(NULL, "legacy");
+#endif
 
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 		OPENSSL_config(NULL);
-- 
2.39.5