Apply system_default configuration on SSL_CTX_new().

When SSL_CTX is created preinitialize it with system default
configuration from system_default section.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4848)

test/build.info

diff --git a/test/build.info b/test/build.info
index 45e3fdd..085f0fa 100644
--- a/test/build.info
+++ b/test/build.info
@@ -48,7 +48,8 @@
           x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
           recordlentest drbgtest sslbuffertest \
           time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
-          servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest
+          servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \
+          sysdefaulttest
 
   SOURCE[aborttest]=aborttest.c
   INCLUDE[aborttest]=../include
@@ -513,6 +514,10 @@
   SOURCE[sslbuffertest]=sslbuffertest.c ssltestlib.c
   INCLUDE[sslbuffertest]=../include
   DEPEND[sslbuffertest]=../libcrypto ../libssl libtestutil.a
+
+  SOURCE[sysdefaulttest]=sysdefaulttest.c
+  INCLUDE[sysdefaulttest]=../include
+  DEPEND[sysdefaulttest]=../libcrypto ../libssl libtestutil.a
 ENDIF
 
 {-

test/recipes/90-test_sysdefault.t

diff --git a/test/recipes/90-test_sysdefault.t b/test/recipes/90-test_sysdefault.t
new file mode 100644
index 0000000..79d20a8
--- /dev/null
+++ b/test/recipes/90-test_sysdefault.t
@@ -0,0 +1,23 @@
+#! /usr/bin/env perl
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Utils;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+my $test_name = "test_sysdefault";
+setup($test_name);
+
+plan skip_all => "$test_name is not supported in this build"
+    if disabled("tls1_2") || disabled("rsa");
+
+plan tests => 1;
+
+$ENV{OPENSSL_CONF} = srctop_file("test", "sysdefault.cnf");
+
+ok(run(test(["sysdefaulttest"])), "sysdefaulttest");

test/sysdefault.cnf

diff --git a/test/sysdefault.cnf b/test/sysdefault.cnf
new file mode 100644
index 0000000..5473d83
--- /dev/null
+++ b/test/sysdefault.cnf
@@ -0,0 +1,15 @@
+# Configuration file to test system default SSL configuration
+
+openssl_conf = default_conf
+
+[ default_conf ]
+
+ssl_conf = ssl_sect
+
+[ssl_sect]
+
+system_default = ssl_default_sect
+
+[ssl_default_sect]
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2

test/sysdefaulttest.c

diff --git a/test/sysdefaulttest.c b/test/sysdefaulttest.c
new file mode 100644
index 0000000..8ee4f24
--- /dev/null
+++ b/test/sysdefaulttest.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/opensslconf.h>
+
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/ssl.h>
+#include <openssl/tls1.h>
+#include "testutil.h"
+
+static SSL_CTX *ctx;
+
+static int test_func(void)
+{
+    if (!TEST_int_eq(SSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION)
+        && !TEST_int_eq(SSL_CTX_get_max_proto_version(ctx), TLS1_2_VERSION)) {
+        TEST_info("min/max version setting incorrect");
+        return 0;
+    }
+    return 1;
+}
+
+int global_init(void)
+{
+    if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN
+                          | OPENSSL_INIT_LOAD_CONFIG, NULL))
+        return 0;
+    return 1;
+}
+
+int setup_tests(void)
+{
+    if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method())))
+        return 0;
+    ADD_TEST(test_func);
+    return 1;
+}
+
+void cleanup_tests(void)
+{
+    SSL_CTX_free(ctx);
+}