Yup, I'm sorry for being too hard. I agree the use of this function must be conditional - not only in the way of handling old versions with #ifdef: I just got the same issue with openssl PHP extension, which I tried to fix the same way; it appeared that calling OPENSSL_config() two times in two different modules (though curl extension doesn't do it directly) leads to openssl configuration error. So, this seems to be not that trivial. I've also found old discussions in the mailing list - this workaround is known long ago, seems it has it own reasons for not being commited.

---
** [bugs:#1208] curl is unable to load non-default openssl engines**
**Status:** open-confirmed
**Labels:** openssl 
**Created:** Mon Mar 25, 2013 12:18 AM UTC by drook
**Last Updated:** Mon Mar 25, 2013 09:38 AM UTC
**Owner:** Daniel Stenberg
curl is unable to load non-default openssl engines, because openssl isn't initialized properly - curl ignores the openssl configutration file. for example curl cannot load ccgost engine, provided since 1.0.0:
    # /usr/local/openssl/bin/openssl engine
    (rsax) RSAX engine support
    (rdrand) Intel RDRAND engine
    (dynamic) Dynamic engine loading support
    (gost) Reference implementation of GOST engine
    # ldd /usr/local/curl/bin/curl
        linux-vdso.so.1 =>  (0x00007fff0c9ff000)
        libcurl.so.4 => /usr/local/curl/lib/libcurl.so.4 (0x00007fb5f1f17000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00007fb5f1d00000)
        librt.so.1 => /lib/librt.so.1 (0x00007fb5f1af7000)
        libc.so.6 => /lib/libc.so.6 (0x00007fb5f1795000)
        libssl.so.1.0.0 => /usr/local/openssl/lib/libssl.so.1.0.0 (0x00007fb5f152c000)
        libcrypto.so.1.0.0 => /usr/local/openssl/lib/libcrypto.so.1.0.0 (0x00007fb5f1151000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x00007fb5f0f35000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fb5f2178000)
        libdl.so.2 => /lib/libdl.so.2 (0x00007fb5f0d31000)
    # /usr/local/curl/bin//curl --engine list
    Build-time engines:
      rsax
      rdrand
      dynamic
"It is strongly recommended that all new applications call OPENSSL_config() or the more sophisticated functions such as CONF_modules_load() during initialization (that is before starting any threads). By doing this an application does not need to keep track of all configuration options and some new functionality can be supported automatically." - curl totally ignores this openssl note.
The patch provided fixes the issue.
---
Sent from sourceforge.net because you indicated interest in <https://sourceforge.net/p/curl/bugs/1208/>
To unsubscribe from further messages, please visit <https://sourceforge.net/auth/prefs/>