Allow the syntax of the .include directive to optionally have '='

If the old openssl versions not supporting the .include directive
load a config file with it, they will bail out with error.

This change allows using the .include = <filename> syntax which
is interpreted as variable assignment by the old openssl
config file parser.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8141)

(cherry picked from commit 9d5560331d86c6463e965321f774e4eed582ce0b)

5 files changed, 26 insertions, 2 deletions

diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 7f0d70ea69..450eeb9f48 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -348,10 +348,15 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
                 psection = section;
             }
             p = eat_ws(conf, end);
-            if (strncmp(pname, ".include", 8) == 0 && p != pname + 8) {
+            if (strncmp(pname, ".include", 8) == 0
+                && (p != pname + 8 || *p == '=')) {
                 char *include = NULL;
                 BIO *next;
 
+                if (*p == '=') {
+                    p++;
+                    p = eat_ws(conf, p);
+                }
                 trim_ws(conf, p);
                 if (!str_copy(conf, psection, &include, p))
                     goto err;
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 3e110b0313..7f21cdcc96 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -42,6 +42,13 @@ working directory so unless the configuration file containing the
 B<.include> directive is application specific the inclusion will not
 work as expected.
 
+There can be optional B<=> character and whitespace characters between
+B<.include> directive and the path which can be useful in cases the
+configuration file needs to be loaded by old OpenSSL versions which do
+not support the B<.include> syntax. They would bail out with error
+if the B<=> character is not present but with it they just ignore
+the include.
+
 Each section in a configuration file consists of a number of name and
 value pairs of the form B<name=value>
 
diff --git a/test/recipes/90-test_includes.t b/test/recipes/90-test_includes.t
index 5169700c4c..c6a86fc009 100644
--- a/test/recipes/90-test_includes.t
+++ b/test/recipes/90-test_includes.t
@@ -11,11 +11,13 @@ plan skip_all => "test_includes doesn't work without posix-io"
     if disabled("posix-io");
 
 plan tests =>                   # The number of tests being performed
-    3
+    5
     + ($^O eq "VMS" ? 2 : 0);
 
 ok(run(test(["conf_include_test", data_file("includes.cnf")])), "test directory includes");
 ok(run(test(["conf_include_test", data_file("includes-file.cnf")])), "test file includes");
+ok(run(test(["conf_include_test", data_file("includes-eq.cnf")])), "test includes with equal character");
+ok(run(test(["conf_include_test", data_file("includes-eq-ws.cnf")])), "test includes with equal and whitespaces");
 if ($^O eq "VMS") {
     ok(run(test(["conf_include_test", data_file("vms-includes.cnf")])),
        "test directory includes, VMS syntax");
diff --git a/test/recipes/90-test_includes_data/includes-eq-ws.cnf b/test/recipes/90-test_includes_data/includes-eq-ws.cnf
new file mode 100644
index 0000000000..38109a7ab3
--- /dev/null
+++ b/test/recipes/90-test_includes_data/includes-eq-ws.cnf
@@ -0,0 +1,5 @@
+#
+# Example configuration file using includes.
+#
+
+.include = conf-includes
diff --git a/test/recipes/90-test_includes_data/includes-eq.cnf b/test/recipes/90-test_includes_data/includes-eq.cnf
new file mode 100644
index 0000000000..9d3715854b
--- /dev/null
+++ b/test/recipes/90-test_includes_data/includes-eq.cnf
@@ -0,0 +1,5 @@
+#
+# Example configuration file using includes.
+#
+
+.include=conf-includes