[tor-commits] [tor/master] Detect openssl header version doesn't match runtime version

nickm at torproject.org nickm at torproject.org
Thu Sep 6 15:33:14 UTC 2012 

commit 7607ad2becc9634f01ca6dd99a0475ecf276ac93
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Sep 4 12:41:37 2012 -0400

    Detect openssl header version doesn't match runtime version
    
    We already do this for libevent; let's do it for openssl too.
    
    For now, I'm making it always a warn, since this has caused some
    problems in the past.  Later, we can see about making it less severe.
---
 changes/detect_openssl_mismatch |    4 ++++
 src/common/crypto.c             |   13 +++++++++++++
 2 files changed, 17 insertions(+), 0 deletions(-)

diff --git a/changes/detect_openssl_mismatch b/changes/detect_openssl_mismatch
new file mode 100644
index 0000000..62f0a9d
--- /dev/null
+++ b/changes/detect_openssl_mismatch
@@ -0,0 +1,4 @@
+  o Minor features:
+    - Detect when we're running with a version of OpenSSL other than the
+      one we compiled with. This has occasionally given people hard-to-
+      track-down errors.
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 77f94ba..7768cc3 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -255,6 +255,19 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
     OpenSSL_add_all_algorithms();
     _crypto_global_initialized = 1;
     setup_openssl_threading();
+
+    if (SSLeay() == OPENSSL_VERSION_NUMBER &&
+        !strcmp(SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_TEXT)) {
+      log_info(LD_CRYPTO, "OpenSSL version matches version from headers "
+                 "(%lx: %s).", SSLeay(), SSLeay_version(SSLEAY_VERSION));
+    } else {
+      log_warn(LD_CRYPTO, "OpenSSL version from headers does not match the "
+               "version we're running with. If you get weird crashes, that "
+               "might be why. (Compiled with %lx: %s; running with %lx: %s).",
+               (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
+               SSLeay(), SSLeay_version(SSLEAY_VERSION));
+    }
+
     if (useAccel > 0) {
 #ifdef DISABLE_ENGINES
       (void)accelName;

More information about the tor-commits mailing list