enable DSO API by default (#251)

h0tw1r3 · web-flow · commit ed9cd639b25a · 2024-09-11T12:39:51.000-05:00
* Engine support requires the DSO API
* to support FIPS, the DSO API is used to load the module at runtime,
  typically from a vendor supplied or pre-compiled validated version of
  OpenSSL
diff --git a/Cargo.toml b/Cargo.toml
@@ -50,6 +50,8 @@ seed = []
 force-engine = []
 # Enable kTLS support
 ktls = []
+# Disable DSO API support
+no-dso = []
 
 [workspace]
 members = ['testcrate']
diff --git a/src/lib.rs b/src/lib.rs
@@ -178,7 +178,6 @@ impl Build {
 
         configure
             // No shared objects, we just want static libraries
-            .arg("no-dso")
             .arg("no-shared")
             // Should be off by default on OpenSSL 1.1.0, but let's be extra sure
             .arg("no-ssl3")
@@ -191,6 +190,15 @@ impl Build {
             // Avoid multilib-postfix for build targets that specify it
             .arg("--libdir=lib");
 
+        if cfg!(feature = "no-dso") {
+            // engine requires DSO support
+            if cfg!(feature = "force-engine") {
+                println!("Feature 'force-engine' requires DSO, ignoring 'no-dso' feature.");
+            } else {
+                configure.arg("no-dso");
+            }
+        }
+
         if cfg!(not(feature = "legacy")) {
             configure.arg("no-legacy");
         }
