Load system default cipher string from crypto-policies configuration file

...should ignore errors.

Related: RHEL-71132

0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch

@@ -139,7 +139,7 @@ index 8360991ce4..33c23efb0d 100644
 +
 +    if ((ciphers_path = secure_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL)
 +        ciphers_path = SYSTEM_CIPHERS_FILE;
-+
++    ERR_set_mark();
 +    if (access(ciphers_path, R_OK) == 0) {
 +        CONF *conf = NCONF_new_ex(NULL, NCONF_default());
 +        char *value = NULL;
@@ -153,7 +153,7 @@ index 8360991ce4..33c23efb0d 100644
 +    } else {
 +        snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST);
 +    }
-+
++    ERR_pop_to_mark();
 +    slen = strlen(suffix);
 +    len = strlen(buf);
 +

openssl.spec

@@ -544,6 +544,9 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
 * Wed Jan 29 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-16
 - Fix timing side-channel in ECDSA signature computation (CVE-2024-13176)
   Resolves: RHEL-70879
+- Load system default cipher string from crypto-policies configuration file
+  should ignore errors.
+  Related: RHEL-71132
 
 * Thu Jan 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-15
 - Fix providers no_cache behavior