diff -up rsyslog-8.2408.0/runtime/net_ossl.c.orig rsyslog-8.2408.0/runtime/net_ossl.c --- rsyslog-8.2408.0/runtime/net_ossl.c.orig 2024-08-21 12:20:02.634846602 +0200 +++ rsyslog-8.2408.0/runtime/net_ossl.c 2024-08-21 12:23:59.487229756 +0200 @@ -223,6 +223,7 @@ osslGlblInit(void) PRAGMA_DIAGNOSTIC_PUSH PRAGMA_IGNORE_Wdeprecated_declarations +#ifdef ENABLE_OPENSSL_ENGINES_DOWNSTREAM // Initialize OpenSSL engine library ENGINE_load_builtin_engines(); /* Register all of them for every algorithm they collectively implement */ @@ -243,6 +244,7 @@ PRAGMA_IGNORE_Wdeprecated_declarations } // Free the engine reference when done ENGINE_free(osslEngine); +#endif PRAGMA_DIAGNOSTIC_POP } @@ -251,7 +253,10 @@ void osslGlblExit(void) { DBGPRINTF("openssl: entering osslGlblExit\n"); + +#ifdef ENABLE_OPENSSL_ENGINES_DOWNSTREAM ENGINE_cleanup(); +#endif ERR_free_strings(); EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); @@ -638,7 +643,7 @@ net_ossl_chkonepeername(net_ossl_t *pThi #endif char *x509name = NULL; DEFiRet; - + if (certpeer == NULL) { ABORT_FINALIZE(RS_RET_TLS_NO_CERT); } @@ -1151,6 +1156,8 @@ net_ossl_init_engine(__attribute__((unus PRAGMA_DIAGNOSTIC_PUSH PRAGMA_IGNORE_Wdeprecated_declarations +#ifdef ENABLE_OPENSSL_ENGINES_DOWNSTREAM + // Get the default RSA engine ENGINE *default_engine = ENGINE_get_default_RSA(); if (default_engine) { @@ -1188,6 +1195,7 @@ PRAGMA_IGNORE_Wdeprecated_declarations } else { DBGPRINTF("net_ossl_init_engine: use openssl default Engine"); } +#endif PRAGMA_DIAGNOSTIC_POP RETiRet; diff -up rsyslog-8.2408.0/runtime/net_ossl.h.orig rsyslog-8.2408.0/runtime/net_ossl.h --- rsyslog-8.2408.0/runtime/net_ossl.h.orig 2024-08-21 12:19:42.902648065 +0200 +++ rsyslog-8.2408.0/runtime/net_ossl.h 2024-08-21 12:23:14.053772607 +0200 @@ -31,7 +31,11 @@ #if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) # include #endif -#include + +#ifdef ENABLE_OPENSSL_ENGINES_DOWNSTREAM +# include +#endif + #include #include