[PATCH 1/1] Just warn if linked libssl is more recent

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Jun 17 09:31:24 CEST 2014


On 17 Jun 2014, at 07:12, Christian Hesse <list at eworm.de> wrote:

> From: Christian Hesse <mail at eworm.de>
> 
> Even if dynamic linking is just fine, radiusd fails after ever openssl
> update. (Distribution toolkits do not detect this, so distribution
> packages break on a regular basis.)
> This changes behavior so that it still fails on library downgrade, but
> just warns if openssl library has been upgraded.

The point of adding the check, was because even minor versions of libssl
had changes which broke ABI compatibility.

I'm not sure how your suggestion helps? If there's any change in libssl
version it could cause ABI incompatibility, it doesn't matter if it's
an upgrade or downgrade.

-Arran

> ---
> src/main/version.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/src/main/version.c b/src/main/version.c
> index fb72c86..289a4f3 100644
> --- a/src/main/version.c
> +++ b/src/main/version.c
> @@ -48,13 +48,17 @@ int ssl_check_consistency(void)
> 
> 	ssl_linked = SSLeay();
> 
> -	if (ssl_linked != ssl_built) {
> -		ERROR("libssl version mismatch.  built: %lx linked: %lx",
> +	if (ssl_linked < ssl_built) {
> +		ERROR("libssl version mismatch. built: %lx linked: %lx",
> 		       (unsigned long) ssl_built,
> 		       (unsigned long) ssl_linked);
> 
> 		return -1;
> -	};
> +	} else if (ssl_linked > ssl_built) {
> +		WARN("libssl version mismatch. built: %lx linked: %lx",
> +			(unsigned long) ssl_built,
> +			(unsigned long) ssl_linked);
> +	}
> 
> 	return 0;
> }
> -- 
> 2.0.0
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20140617/ecfda60c/attachment.pgp>


More information about the Freeradius-Devel mailing list