On Wed, Oct 22, 2025 at 12:36:58PM +0200, Theo Buehler wrote:
> I don't think these calls were ever doing anything useful since
> rpki-client always needed a libressl version with automatic library
> initialization thanks to CMS.

... and I don't think we ever supported OpenSSL < 1.1 either.

> 
> When we still used cryptoerrx() & friends, the strings would be loaded
> before first use. Similarly for lookups of ciphers and digests by name
> (which we never used to my knowledge).

Index: filemode.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/filemode.c,v
diff -u -p -r1.70 filemode.c
--- filemode.c	17 Oct 2025 08:09:21 -0000	1.70
+++ filemode.c	22 Oct 2025 09:57:18 -0000
@@ -806,9 +806,6 @@ proc_filemode(int fd)
 	if (pledge("stdio rpath", NULL) == -1)
 		err(1, "pledge");
 
-	ERR_load_crypto_strings();
-	OpenSSL_add_all_ciphers();
-	OpenSSL_add_all_digests();
 	constraints_parse();
 
 	if ((ctx = X509_STORE_CTX_new()) == NULL)
Index: parser.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
diff -u -p -r1.171 parser.c
--- parser.c	17 Oct 2025 08:09:21 -0000	1.171
+++ parser.c	17 Oct 2025 08:14:41 -0000
@@ -1246,9 +1246,6 @@ proc_parser(int fd, int nthreads)
 	if (pledge("stdio rpath", NULL) == -1)
 		err(1, "pledge");
 
-	ERR_load_crypto_strings();
-	OpenSSL_add_all_ciphers();
-	OpenSSL_add_all_digests();
 	constraints_parse();
 
 	if ((globalmsgq = ibufq_new()) == NULL)