From ed9cd639b25a1b907f65e185c5ed2dd59e187e35 Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Wed, 11 Sep 2024 12:39:51 -0500 Subject: [PATCH] enable DSO API by default (#251) * Engine support requires the DSO API * to support FIPS, the DSO API is used to load the module at runtime, typically from a vendor supplied or pre-compiled validated version of OpenSSL --- Cargo.toml | 2 ++ src/lib.rs | 10 +++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index c5229a66..01b91f78 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -50,6 +50,8 @@ seed = [] force-engine = [] # Enable kTLS support ktls = [] +# Disable DSO API support +no-dso = [] [workspace] members = ['testcrate'] diff --git a/src/lib.rs b/src/lib.rs index 3bdaaf64..6ed87642 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -178,7 +178,6 @@ impl Build { configure // No shared objects, we just want static libraries - .arg("no-dso") .arg("no-shared") // Should be off by default on OpenSSL 1.1.0, but let's be extra sure .arg("no-ssl3") @@ -191,6 +190,15 @@ impl Build { // Avoid multilib-postfix for build targets that specify it .arg("--libdir=lib"); + if cfg!(feature = "no-dso") { + // engine requires DSO support + if cfg!(feature = "force-engine") { + println!("Feature 'force-engine' requires DSO, ignoring 'no-dso' feature."); + } else { + configure.arg("no-dso"); + } + } + if cfg!(not(feature = "legacy")) { configure.arg("no-legacy"); }