Do not build OpenSSL ENGINE support on RHEL >= 10

OpenSSL ENGINEs are deprecated upstream, have subtle bugs, and (as all
deprecated functionality) are not supposed to be used in FIPS mode.
There is now a good alternative in pkcs11-provider, so remove support
for ENGINEs from stunnel.

Resolves: RHEL-33749
Signed-off-by: Clemens Lang <cllang@redhat.com>

stunnel.spec

@@ -7,6 +7,12 @@
 %bcond_without libwrap
 %endif
 
+%if 0%{?rhel} >= 10
+%bcond_without openssl_engine
+%else
+%bcond_without openssl_engine
+%endif
+
 Summary: A TLS-encrypting socket wrapper
 Name: stunnel
 Version: 5.72
@@ -81,6 +87,11 @@ if pkg-config openssl ; then
 	CFLAGS="$CFLAGS `pkg-config --cflags openssl`";
 	LDFLAGS="`pkg-config --libs-only-L openssl`"; export LDFLAGS
 fi
+
+CPPFLAGS_NO_ENGINE=""
+%if !%{with openssl_engine}
+	CPPFLAGS_NO_ENGINE="-DOPENSSL_NO_ENGINE"
+%endif
 %configure --enable-fips --enable-ipv6 --with-ssl=%{_prefix} \
 %if %{with libwrap}
 --enable-libwrap \
@@ -88,7 +99,7 @@ fi
 --disable-libwrap \
 %endif
 	--with-bashcompdir=%{_datadir}/bash-completion/completions \
-	CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{_localstatedir}/run/stunnel.pid\"'"
+	CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{_localstatedir}/run/stunnel.pid\"' $CPPFLAGS_NO_ENGINE"
 make V=1 LDADD="-pie -Wl,-z,defs,-z,relro,-z,now"
 
 %install