1 files changed, 20 insertions, 1 deletions

diff --git a/src/crypto-lib/libcryptofunction.cpp b/src/crypto-lib/libcryptofunction.cpp
index 362307cd..207cde86 100644
--- a/src/crypto-lib/libcryptofunction.cpp
+++ b/src/crypto-lib/libcryptofunction.cpp
@@ -49,6 +49,7 @@
 // we want at least openssl 1.0.1 or 1.1.0
 #define AM_MINIMUM_OPENSSL10_VERSION 0x1000100fL
 #define AM_MINIMUM_OPENSSL11_VERSION 0x1010000fL
+#define AM_MINIMUM_OPENSSL30_VERSION 0x3000000fL
 
 QT_BEGIN_NAMESPACE_AM
 
@@ -60,10 +61,15 @@ static AM_LIBCRYPTO_FUNCTION(ERR_load_crypto_strings, void(*)());
 static AM_LIBCRYPTO_FUNCTION(OpenSSL_version_num, unsigned long(*)(), 0);
 static AM_LIBCRYPTO_FUNCTION(OPENSSL_init_crypto, int(*)(uint64_t, void *), 0);
 
+struct OSSL_PROVIDER;
+struct OSSL_LIB_CTX;
+static AM_LIBCRYPTO_FUNCTION(OSSL_PROVIDER_load, OSSL_PROVIDER *(*)(OSSL_LIB_CTX *, const char *), nullptr);
+
 QLibrary *Cryptography::LibCryptoFunctionBase::s_library = nullptr;
 bool Cryptography::LibCryptoFunctionBase::s_isOpenSSL11 = false;
+bool Cryptography::LibCryptoFunctionBase::s_isOpenSSL30 = false;
 
-bool Cryptography::LibCryptoFunctionBase::initialize()
+bool Cryptography::LibCryptoFunctionBase::initialize(bool loadOpenSsl3LegacyProvider)
 {
     if (s_library)
         return true;
@@ -98,6 +104,19 @@ bool Cryptography::LibCryptoFunctionBase::initialize()
         if (version > 0) {
             if (version >= AM_MINIMUM_OPENSSL11_VERSION) {
                 s_isOpenSSL11 = true;
+
+                if (version >= AM_MINIMUM_OPENSSL30_VERSION) {
+                    s_isOpenSSL30 = true;
+
+                    if (loadOpenSsl3LegacyProvider) {
+                        // openSSL 3.0 might need the legacy provider to read old PKCS12 certs
+                        auto legacyLoaded = am_OSSL_PROVIDER_load(nullptr, "legacy");
+                        auto defaultLoaded = am_OSSL_PROVIDER_load(nullptr, "default");
+                        if (!legacyLoaded || !defaultLoaded)
+                            qCritical("Loaded libcrypto version 3, but couldn't load the 'legacy provider' as requested");
+                    }
+                }
+
                 return (am_OPENSSL_init_crypto(4 /*OPENSSL_INIT_ADD_ALL_CIPHERS*/
                                                | 8 /*OPENSSL_INIT_ADD_ALL_DIGESTS*/
                                                | 2 /*OPENSSL_INIT_LOAD_CRYPTO_STRINGS*/,