openssl-3/openssl-Override-default-paths-for-the-CA-directory-tree.patch

From 6790960076742a9053c624e26fbb87fcd5789e27 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 09:17:26 +0200
Subject: Override default paths for the CA directory tree

Also add default section to load crypto-policies configuration
for TLS.

It needs to be reverted before running tests.

(was openssl-1.1.1-conf-paths.patch)
---
 apps/openssl.cnf | 20 ++++++++++++++++++--
 2 files changed, 19 insertions(+), 3 deletions(-)

Index: openssl-3.0.1/apps/openssl.cnf
===================================================================
--- openssl-3.0.1.orig/apps/openssl.cnf
+++ openssl-3.0.1/apps/openssl.cnf
@@ -52,6 +52,8 @@ tsa_policy3 = 1.2.3.4.5.7
 
 [openssl_init]
 providers = provider_sect
+# Load default TLS policy configuration
+ssl_conf = ssl_module
 
 # List of providers to load
 [provider_sect]
@@ -71,6 +73,13 @@ default = default_sect
 [default_sect]
 # activate = 1
 
+[ ssl_module ]
+
+system_default = crypto_policy
+
+[ crypto_policy ]
+
+.include = /etc/crypto-policies/back-ends/opensslcnf.config
 
 ####################################################################
 [ ca ]