tls: fix OpenSSL engine in child processes #2840

Merged
merged 1 commit into from Sep 6, 2021


aalba6675
Contributor

tls_init.c calls OPENSSL_init_ssl(); this initializes the
global engine linked-list and this cannot be reset in the child.

To avoid linked-list corruption we manually instantiate
the engine object required for loading private keys instead of
relying on CONF_modules_load_file().

Updates to doc/.

Addresses #2839

Pre-Submission Checklist

  • Commit message has the format required by CONTRIBUTING guide
  • Commits are split per component (core, individual modules, libs, utils, ...)
  • Each component has a single commit (if not, squash them into one commit)
  • No commits to README files for modules (changes must be done to docbook files
    in doc/ subfolder, the README file is autogenerated)

Type Of Change

  • Small bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds new functionality)
  • Breaking change (fix or feature that would change existing functionality)

Checklist:

Description

The call to OPENSSL_init_ssl() in tls_init.c results in the creation of the engine linked-list in the parent.

This affects per-child engine private keys as there is no API to reinitialize the engine linked-list in the child.

This PR removes the call to CONF_modules_load_file() which causes linked-list corruption and replaces
the initialization of engine private keys in the child with other API calls which do not manipulate global
objects.

@miconda
Member

miconda commented Sep 3, 2021

Thanks! Is it still work in progress? I noticed pushing commit updates, just to know when to consider merging.

@aalba6675
Contributor Author

> Thanks! Is it still work in progress? I noticed pushing commit updates, just to know when to consider merging.

Hi @miconda — it is done; I was rebasing to master occasionally.

@miconda
Member

miconda commented Sep 3, 2021

ok -- it will be merged soon, if no other comments.

@miconda miconda merged commit 238ef13 into kamailio:master Sep 6, 2021