Disclaimer about the default provider activation added to config

Fixes #16249

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16280)

2 files changed, 16 insertions, 0 deletions

diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf
index 4d96a1f32d..59c6776a1e 100644
--- a/apps/openssl-vms.cnf
+++ b/apps/openssl-vms.cnf
@@ -60,6 +60,14 @@ default = default_sect
 # included fipsmodule.cnf.
 # fips = fips_sect
 
+# If no providers are activated explicitly, the default one is activated implicitly.
+# See man 7 OSSL_PROVIDER-default for more details.
+#
+# If you add a section explicitly activating any other provider(s), you most
+# probably need to explicitly activate the default provider, otherwise it
+# becomes unavailable in openssl.  As a consequence applications depending on
+# OpenSSL may not work correctly which could lead to significant system
+# problems including inability to remotely access the system.
 [default_sect]
 # activate = 1
 
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index ffb424a871..03330e0120 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -60,6 +60,14 @@ default = default_sect
 # included fipsmodule.cnf.
 # fips = fips_sect
 
+# If no providers are activated explicitly, the default one is activated implicitly.
+# See man 7 OSSL_PROVIDER-default for more details.
+#
+# If you add a section explicitly activating any other provider(s), you most
+# probably need to explicitly activate the default provider, otherwise it
+# becomes unavailable in openssl.  As a consequence applications depending on
+# OpenSSL may not work correctly which could lead to significant system
+# problems including inability to remotely access the system.
 [default_sect]
 # activate = 1