From b2fb503dabaf421997f20fa96cbf4e11e5d5206d Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Thu, 15 Apr 2021 00:51:58 +0900
Subject: [ruby/openssl] engine: disable OpenSSL::Engine on OpenSSL 3.0

The entire ENGINE API is deprecated in OpenSSL 3.0 in favor of the new
"Provider" concept.

OpenSSL::Engine will not be defined when compiled with OpenSSL 3.0.
We would need a way to interact with providers from Ruby programs, but
since the concept is completely different from the ENGINE API, it will
not be through the current OpenSSL::Engine interface.

https://github.com/ruby/openssl/commit/69a27d8de4
---
 ext/openssl/openssl_missing.c | 3 ---
 ext/openssl/ossl.h            | 8 +++++---
 ext/openssl/ossl_engine.c     | 3 ++-
 ext/openssl/ossl_pkey.c       | 4 ++++
 4 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
index 8b93cba6d4..4415703db4 100644
--- a/ext/openssl/openssl_missing.c
+++ b/ext/openssl/openssl_missing.c
@@ -10,9 +10,6 @@
 #include RUBY_EXTCONF_H
 
 #include <string.h> /* memcpy() */
-#if !defined(OPENSSL_NO_ENGINE)
-# include <openssl/engine.h>
-#endif
 #include <openssl/x509_vfy.h>
 
 #include "openssl_missing.h"
diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h
index 3a0ab1e593..4b5126893b 100644
--- a/ext/openssl/ossl.h
+++ b/ext/openssl/ossl.h
@@ -18,6 +18,7 @@
 #include <ruby/io.h>
 #include <ruby/thread.h>
 #include <openssl/opensslv.h>
+
 #include <openssl/err.h>
 #include <openssl/asn1.h>
 #include <openssl/x509v3.h>
@@ -30,9 +31,6 @@
   #include <openssl/ts.h>
 #endif
 #include <openssl/crypto.h>
-#if !defined(OPENSSL_NO_ENGINE)
-#  include <openssl/engine.h>
-#endif
 #if !defined(OPENSSL_NO_OCSP)
 #  include <openssl/ocsp.h>
 #endif
@@ -54,6 +52,10 @@
       (LIBRESSL_VERSION_NUMBER >= (maj << 28) | (min << 20) | (pat << 12))
 #endif
 
+#if !defined(OPENSSL_NO_ENGINE) && !OSSL_OPENSSL_PREREQ(3, 0, 0)
+# define OSSL_USE_ENGINE
+#endif
+
 /*
  * Common Module
  */
diff --git a/ext/openssl/ossl_engine.c b/ext/openssl/ossl_engine.c
index 661a1368e2..1abde7f766 100644
--- a/ext/openssl/ossl_engine.c
+++ b/ext/openssl/ossl_engine.c
@@ -9,7 +9,8 @@
  */
 #include "ossl.h"
 
-#if !defined(OPENSSL_NO_ENGINE)
+#ifdef OSSL_USE_ENGINE
+# include <openssl/engine.h>
 
 #define NewEngine(klass) \
     TypedData_Wrap_Struct((klass), &ossl_engine_type, 0)
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index 7030be3c8e..94760d32f4 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -9,6 +9,10 @@
  */
 #include "ossl.h"
 
+#ifdef OSSL_USE_ENGINE
+# include <openssl/engine.h>
+#endif
+
 /*
  * Classes
  */
-- 
cgit v1.2.3