Bug#654694: proftpd-basic: mod_tls and mod_sftp check for the exact OpenSSL version that they were compiled with

Hilmar Preuße hille42 at web.de
Wed Sep 21 11:57:12 UTC 2016


Am 05.01.2012 um 11:09 schrieb Stefano Rivera:

Hi Stefano, hi Jaap,

> Package: proftpd-basic
> Version: 1.3.4a-1
> Severity: minor
>
> I quote from contrib/mod_tls.c:
> | static int tls_init(void) {
> |
> |   /* Check that the OpenSSL headers used match the version of the
> |    * OpenSSL library used.
> |    *
> |    * For now, we only log if there is a difference.
> |    */
> |   if (SSLeay() != OPENSSL_VERSION_NUMBER) {
> |     pr_log_pri(PR_LOG_ERR, MOD_TLS_VERSION
> |       ": compiled using OpenSSL version '%s' headers, but linked to "
> |       "OpenSSL version '%s' library", OPENSSL_VERSION_TEXT,
> |       SSLeay_version(SSLEAY_VERSION));
> |     tls_log("compiled using OpenSSL version '%s' headers, but linked to "
> |       "OpenSSL version '%s' library", OPENSSL_VERSION_TEXT,
> |       SSLeay_version(SSLEAY_VERSION));
> |   }
> |
> |   pr_log_debug(DEBUG2, MOD_TLS_VERSION ": using " OPENSSL_VERSION_TEXT);
> ...
>
> Either this check should be removed, or we should make our dependencies
> stricter (if it really needs an exact version match, which I doubt).
>
Current code (mod_sftp from 1.3.5a) reads:

   openssl_version = SSLeay();

   if (openssl_version != OPENSSL_VERSION_NUMBER) {
     int unexpected_version_mismatch = TRUE;

     if (OPENSSL_VERSION_NUMBER >= 0x1000000fL) {
       /* OpenSSL versions after 1.0.0 try to maintain ABI compatibility.
        * So we will warn about header/library version mismatches only if
        * the library is older than the headers.
        */
       if (openssl_version >= OPENSSL_VERSION_NUMBER) {
         unexpected_version_mismatch = FALSE;
       }
     }

     if (unexpected_version_mismatch == TRUE) {
       pr_log_pri(PR_LOG_WARNING, MOD_SFTP_VERSION
         ": compiled using OpenSSL version '%s' headers, but linked to "
         "OpenSSL version '%s' library", OPENSSL_VERSION_TEXT,
         SSLeay_version(SSLEAY_VERSION));
     }
   }

The fact that the installed lib is older than the one we linked against 
when package building should not happen. So basically your problem 
should be solved.

Can you confirm this?

Hilmar
-- 
http://www.hilmar-preusse.de.vu/   #206401 http://counter.li.org



More information about the Pkg-proftpd-maintainers mailing list