From 35c30994c4c9ed7ffa78224b37af5ec972c7ca61 Mon Sep 17 00:00:00 2001 From: Daniel-Constantin Mierla Date: Tue, 7 Jun 2016 15:21:06 +0200 Subject: [PATCH] tls: proper check of libssl versions used for compilation and available on system - shift out the last 12bits, being the patch version and status (see man SSLeay) - reported by Victor Seva, GH #662 (cherry picked from commit c38b4c7345a6806f48a0cdb07841e10bc962e1bf) (cherry picked from commit 253909bf673c0a59e7adf578bb5df73eb157d0f2) (cherry picked from commit 5632abc108bf8ed8157a77806ea80b962db3fa4f) (cherry picked from commit 0a5f99b28d01d79cf2675df6d2a6220167e2476e) --- modules/tls/tls_init.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c index c4a6a2dc276..bc724c93495 100644 --- a/modules/tls/tls_init.c +++ b/modules/tls/tls_init.c @@ -528,8 +528,10 @@ int init_tls_h(void) #endif ssl_version=SSLeay(); /* check if version have the same major minor and fix level - * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not) */ - if ((ssl_version>>8)!=(OPENSSL_VERSION_NUMBER>>8)){ + * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not) + * - values is represented as 0xMMNNFFPPS: major minor fix patch status + * 0x00090705f == 0.9.7e release */ + if ((ssl_version>>12)!=(OPENSSL_VERSION_NUMBER>>12)){ LOG(L_CRIT, "ERROR: tls: init_tls_h: installed openssl library " "version is too different from the library the ser tls module " "was compiled with: installed \"%s\" (0x%08lx), compiled "