Log a notice if we're running with OpenSSL before 1.0.0.

These versions have some dubious, slow crypto implementations; 1.0.0 is a great improvement, and at this point is pretty mature.
2024-11-24 12:23:32 +01:00 · 2012-09-12 19:31:24 -04:00 · 2012-09-12 19:31:24 -04:00 · be68c1fb43
commit be68c1fb43
parent feabf4148f
1 changed files with 5 additions and 0 deletions
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@ -243,6 +243,11 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
               SSLeay(), SSLeay_version(SSLEAY_VERSION));
    }

+    if (SSLeay() < OPENSSL_V_SERIES(1,0,0)) {
+      log_notice(LD_CRYPTO, "Your OpenSSL version seems to be %s. We "
+                 "recommend 1.0.0 or later.", crypto_openssl_get_version_str());
+    }
+
    if (useAccel > 0) {
 #ifdef DISABLE_ENGINES
      (void)accelName;