From ed9cd639b25a1b907f65e185c5ed2dd59e187e35 Mon Sep 17 00:00:00 2001
From: Jeffrey Clark <h0tw1r3@users.noreply.github.com>
Date: Wed, 11 Sep 2024 12:39:51 -0500
Subject: [PATCH] enable DSO API by default (#251)

* Engine support requires the DSO API
* to support FIPS, the DSO API is used to load the module at runtime,
  typically from a vendor supplied or pre-compiled validated version of
  OpenSSL
---
 Cargo.toml |  2 ++
 src/lib.rs | 10 +++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index c5229a66..01b91f78 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -50,6 +50,8 @@ seed = []
 force-engine = []
 # Enable kTLS support
 ktls = []
+# Disable DSO API support
+no-dso = []
 
 [workspace]
 members = ['testcrate']
diff --git a/src/lib.rs b/src/lib.rs
index 3bdaaf64..6ed87642 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -178,7 +178,6 @@ impl Build {
 
         configure
             // No shared objects, we just want static libraries
-            .arg("no-dso")
             .arg("no-shared")
             // Should be off by default on OpenSSL 1.1.0, but let's be extra sure
             .arg("no-ssl3")
@@ -191,6 +190,15 @@ impl Build {
             // Avoid multilib-postfix for build targets that specify it
             .arg("--libdir=lib");
 
+        if cfg!(feature = "no-dso") {
+            // engine requires DSO support
+            if cfg!(feature = "force-engine") {
+                println!("Feature 'force-engine' requires DSO, ignoring 'no-dso' feature.");
+            } else {
+                configure.arg("no-dso");
+            }
+        }
+
         if cfg!(not(feature = "legacy")) {
             configure.arg("no-legacy");
         }