From 5dd0765607135a418289bc4a20060f31eeaede73 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Tue, 2 Jul 2024 18:29:18 +0200
Subject: [PATCH] Disable ENGINE support

---
 auto/options                  | 3 +++
 configure                     | 4 ++++
 src/event/ngx_event_openssl.c | 7 +++----
 src/event/ngx_event_openssl.h | 2 +-
 4 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/auto/options b/auto/options
index 6a6e990..3cc983d 100644
--- a/auto/options
+++ b/auto/options
@@ -45,6 +45,8 @@ USE_THREADS=NO
 
 NGX_FILE_AIO=NO
 
+NGX_SSL_NO_ENGINE=NO
+
 QUIC_BPF=NO
 
 HTTP=YES
@@ -373,6 +375,7 @@ use the \"--with-mail_ssl_module\" option instead"
 
         --with-openssl=*)                OPENSSL="$value"           ;;
         --with-openssl-opt=*)            OPENSSL_OPT="$value"       ;;
+        --without-engine)                NGX_SSL_NO_ENGINE=YES      ;;
 
         --with-md5=*)
             NGX_POST_CONF_MSG="$NGX_POST_CONF_MSG
diff --git a/configure b/configure
index 5b88ebb..3a2129e 100755
--- a/configure
+++ b/configure
@@ -104,6 +104,10 @@ have=NGX_HTTP_UWSGI_TEMP_PATH value="\"$NGX_HTTP_UWSGI_TEMP_PATH\""
 have=NGX_HTTP_SCGI_TEMP_PATH value="\"$NGX_HTTP_SCGI_TEMP_PATH\""
 . auto/define
 
+if [ $NGX_SSL_NO_ENGINE = YES ]; then
+    have=NGX_SSL_NO_ENGINE . auto/have
+fi
+
 . auto/make
 . auto/lib/make
 . auto/install
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 6f7f2a2..f939706 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -842,7 +842,7 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
 
     if (ngx_strncmp(key->data, "engine:", sizeof("engine:") - 1) == 0) {
 
-#ifndef OPENSSL_NO_ENGINE
+#if !defined(OPENSSL_NO_ENGINE) && !defined(NGX_SSL_NO_ENGINE)
 
         u_char  *p, *last;
         ENGINE  *engine;
@@ -6119,8 +6119,7 @@ ngx_openssl_create_conf(ngx_cycle_t *cycle)
 static char *
 ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 {
-#ifndef OPENSSL_NO_ENGINE
-
+#if !defined(OPENSSL_NO_ENGINE) && !defined(NGX_SSL_NO_ENGINE)
     ngx_openssl_conf_t *oscf = conf;
 
     ENGINE     *engine;
@@ -6170,7 +6169,7 @@ ngx_openssl_exit(ngx_cycle_t *cycle)
 #if OPENSSL_VERSION_NUMBER < 0x10100003L
 
     EVP_cleanup();
-#ifndef OPENSSL_NO_ENGINE
+#if !defined(OPENSSL_NO_ENGINE) && !defined(NGX_SSL_NO_ENGINE)
     ENGINE_cleanup();
 #endif
 
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index 761f48d..c60b16d 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -20,7 +20,7 @@
 #include <openssl/conf.h>
 #include <openssl/crypto.h>
 #include <openssl/dh.h>
-#ifndef OPENSSL_NO_ENGINE
+#if !defined(OPENSSL_NO_ENGINE) && !defined(NGX_SSL_NO_ENGINE)
 #include <openssl/engine.h>
 #endif
 #include <openssl/evp.h>
-- 
2.44.0