From ba1de45026342523744f66fedb38813c686eb37a Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Sun, 19 Nov 2023 15:50:29 +0000
Subject: [PATCH] Manually unifdef OPENSSL_NO_ENGINE in ssl_clnt.c

This allows us to simplify ssl_do_client_cert_cb() a bit.

ok jsing
---
 lib/libssl/ssl_clnt.c | 21 ++++-----------------
 1 file changed, 4 insertions(+), 17 deletions(-)

diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 441da643fd5..76ed10f8064 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.161 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.162 2023/11/19 15:50:29 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -161,9 +161,6 @@
 #include <openssl/objects.h>
 #include <openssl/opensslconf.h>
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 #ifndef OPENSSL_NO_GOST
 #include <openssl/gost.h>
 #endif
@@ -2527,20 +2524,10 @@ ssl3_check_finished(SSL *s)
 static int
 ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
 {
-	int	i = 0;
+	if (s->ctx->client_cert_cb == NULL)
+		return 0;
 
-#ifndef OPENSSL_NO_ENGINE
-	if (s->ctx->client_cert_engine) {
-		i = ENGINE_load_ssl_client_cert(
-		    s->ctx->client_cert_engine, s,
-		    SSL_get_client_CA_list(s), px509, ppkey, NULL, NULL, NULL);
-		if (i != 0)
-			return (i);
-	}
-#endif
-	if (s->ctx->client_cert_cb)
-		i = s->ctx->client_cert_cb(s, px509, ppkey);
-	return (i);
+	return s->ctx->client_cert_cb(s, px509, ppkey);
 }
 
 static int
-- 
2.20.1