From 5de89aedc272bede433a91098b9b2ff3cf4a3040 Mon Sep 17 00:00:00 2001 From: Dirk Date: Wed, 5 Sep 2018 16:48:28 +0200 Subject: [PATCH] Avoid conflicts of OpenSSL 1.1.1 config file This addresses a bug where openssl s_client connects hiccuped because of newer config files which our openssl 1.0.2 couldn't swallow. It appeared first on Debian. FIX #1117 FIX #1098 --- testssl.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/testssl.sh b/testssl.sh index a9b2a93..28077a9 100755 --- a/testssl.sh +++ b/testssl.sh @@ -15745,16 +15745,21 @@ initialize_engine(){ grep -q '^# testssl config file' "$OPENSSL_CONF" 2>/dev/null && \ return 0 # We have been here already if "$NO_ENGINE"; then + # Avoid potential conflicts also -- manual hook, see #1117 + export OPENSSL_CONF='' return 1 elif $OPENSSL engine gost -v 2>&1 | egrep -q 'invalid command|no such engine'; then outln pr_warning "No engine or GOST support via engine with your $OPENSSL"; outln fileout_insert_warning "engine_problem" "WARN" "No engine or GOST support via engine with your $OPENSSL" + export OPENSSL_CONF='' return 1 elif ! $OPENSSL engine gost -vvvv -t -c 2>/dev/null >/dev/null; then outln pr_warning "No engine or GOST support via engine with your $OPENSSL"; outln fileout_insert_warning "engine_problem" "WARN" "No engine or GOST support via engine with your $OPENSSL" + # Avoid clashes of OpenSSL 1.1.1 config file with our openssl 1.0.2. This is for Debian 10 + export OPENSSL_CONF='' return 1 else # we have engine support if [[ -n "$OPENSSL_CONF" ]]; then
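Review bot: The `export OPENSSL_CONF=''` added to the three no-engine branches discards a value the user may have set on purpose, and nothing in the output records that; the copy in the `engine gost -v` branch also has no comment at all. Since this variable decides which config file every later `$OPENSSL` call loads, I would log the override where it happens and put the same explanation on each copy, e.g. `# Ignore any inherited/system openssl.cnf: a 1.1.1 config can break our 1.0.2 binary, see #1117`. Exporting an empty string rather than unsetting the variable presumably matters here, because an unset variable would fall back to the binary's built-in default config path; that is worth stating in the comment. The body of initialize_engine starts above and continues below this hunk, so the `else` branch that appears to handle a non-empty OPENSSL_CONF could not be checked.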