enable DSO API by default (#251)

* Engine support requires the DSO API * to support FIPS, the DSO API is used to load the module at runtime, typically from a vendor supplied or pre-compiled validated version of OpenSSL
alexcrichton · Sep 11, 2024 · ed9cd63 · ed9cd63
1 parent 8e79a62
commit ed9cd63
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/Cargo.toml b/Cargo.toml
@@ -50,6 +50,8 @@ seed = []
 force-engine = []
 # Enable kTLS support
 ktls = []
+# Disable DSO API support
+no-dso = []
 
 [workspace]
 members = ['testcrate']

diff --git a/src/lib.rs b/src/lib.rs
@@ -178,7 +178,6 @@ impl Build {
 
         configure
             // No shared objects, we just want static libraries
-            .arg("no-dso")
             .arg("no-shared")
             // Should be off by default on OpenSSL 1.1.0, but let's be extra sure
             .arg("no-ssl3")
@@ -191,6 +190,15 @@ impl Build {
             // Avoid multilib-postfix for build targets that specify it
             .arg("--libdir=lib");
 
+        if cfg!(feature = "no-dso") {
+            // engine requires DSO support
+            if cfg!(feature = "force-engine") {
+                println!("Feature 'force-engine' requires DSO, ignoring 'no-dso' feature.");
+            } else {
+                configure.arg("no-dso");
+            }
+        }
+
         if cfg!(not(feature = "legacy")) {
             configure.arg("no-legacy");
         }