From 1bfc9ca5b8705661c3c616993f3bdb465f2c1aa7 Mon Sep 17 00:00:00 2001
From: Dirk <dirk@testssl.sh>
Date: Mon, 10 Sep 2018 17:52:56 +0200
Subject: [PATCH] Avoid warning for OpenSSL 1.1.1 config file

As #1119 noted, there's a warning for users with an OpenSSL 1.1.1
config file because of #1117 / #1098 .

This commit suppresses the warning on the screen if a config file
from OpenSSL 1.1.1 was detected (kludge from
https://github.com/openssl/openssl/commit/b524b808a1d1ba204dbdcbb42de4e3bddb3472ac).
---
 testssl.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 28077a9..c49e604 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -15755,8 +15755,13 @@ initialize_engine(){
           export OPENSSL_CONF=''
           return 1
      elif ! $OPENSSL engine gost -vvvv -t -c 2>/dev/null >/dev/null; then
-          outln
-          pr_warning "No engine or GOST support via engine with your $OPENSSL"; outln
+          # check for openssl 1.1.1 config -- not this may not be reliable. We only use this
+          # to suppress the warning (confuses users), see #1119
+          # https://github.com/openssl/openssl/commit/b524b808a1d1ba204dbdcbb42de4e3bddb3472ac
+          if ! grep -q 'using the .include directive' /etc/ssl/openssl.cnf; then
+                 outln
+                 pr_warning "No engine or GOST support via engine with your $OPENSSL"; outln
+          fi
           fileout_insert_warning "engine_problem" "WARN" "No engine or GOST support via engine with your $OPENSSL"
           # Avoid clashes of OpenSSL 1.1.1 config file with our openssl 1.0.2. This is for Debian 10
           export OPENSSL_CONF=''