From 0c411a542fc4d0255e4d19d75711a9d54f7d4424 Mon Sep 17 00:00:00 2001
From: Kevin Yue <yuezk001@gmail.com>
Date: Sat, 2 Nov 2024 09:36:11 +0000
Subject: [PATCH]  fix: enhance OpenSSL compatibility mode

 Related: #437
---
 apps/gpclient/src/cli.rs          |  2 +-
 crates/gpapi/src/utils/openssl.rs | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/apps/gpclient/src/cli.rs b/apps/gpclient/src/cli.rs
index 8c377d79..d4c55ce7 100644
--- a/apps/gpclient/src/cli.rs
+++ b/apps/gpclient/src/cli.rs
@@ -50,7 +50,7 @@ struct Cli {
   #[command(subcommand)]
   command: CliCommand,
 
-  #[arg(long, help = "Get around the OpenSSL `unsafe legacy renegotiation` error")]
+  #[arg(long, help = "Uses extended compatibility mode for OpenSSL operations to support a broader range of systems and formats.")]
   fix_openssl: bool,
   #[arg(long, help = "Ignore the TLS errors")]
   ignore_tls_errors: bool,
diff --git a/crates/gpapi/src/utils/openssl.rs b/crates/gpapi/src/utils/openssl.rs
index d2aea551..56af8a32 100644
--- a/crates/gpapi/src/utils/openssl.rs
+++ b/crates/gpapi/src/utils/openssl.rs
@@ -10,12 +10,24 @@ pub fn openssl_conf() -> String {
 
 [openssl_init]
 ssl_conf = ssl_sect
+providers = provider_sect
 
 [ssl_sect]
 system_default = system_default_sect
 
 [system_default_sect]
-Options = {}",
+Options = {}
+
+[provider_sect]
+default = default_sect
+legacy = legacy_sect
+
+[default_sect]
+activate = 1
+
+[legacy_sect]
+activate = 1
+",
     option
   )
 }