From 2f44ef51f48d39eb42d475cf753b93838844de15 Mon Sep 17 00:00:00 2001
From: Matthias Andree
Date: Sat, 30 Jan 2021 15:10:52 +0100
Subject: --version: print OpenSSL versions build/run-time and directories
---
 Makefile.am | 2 +-
 NEWS | 3 +++
 fetchmail.c | 9 +++++++++
 socket.c | 13 +++++--------
 tls-aux.h | 25 +++++++++++++++++++++++++
 5 files changed, 43 insertions(+), 9 deletions(-)
 create mode 100644 tls-aux.h
diff --git a/Makefile.am b/Makefile.am
index a6b74fbe..89119931 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -35,7 +35,7 @@ libfm_a_SOURCES= xmalloc.c base64.c rfc822.c report.c rfc2047e.c \
 smbencrypt.h smbdes.c smbencrypt.c smbmd4.c smbutil.c \
 smbtypes.h fm_getaddrinfo.c starttls.c rfc822valid.c \
 xmalloc.h sdump.h sdump.c x509_name_match.c \
- fm_strl.h md5c.c tls-aux.c
+ fm_strl.h md5c.c tls-aux.c tls-aux.h
 if NTLM_ENABLE
 libfm_a_SOURCES += ntlmsubr.c
diff --git a/NEWS b/NEWS
index db68247d..8a773e42 100644
--- a/NEWS
+++ b/NEWS
@@ -93,6 +93,9 @@ fetchmail-6.4.16 (not yet released):
 OpenSSL or possibly in its configuration file). This was added when Gene Heskett was debugging his setup and the information "where does OpenSSL look" was missing.
+* fetchmail --version now prints version of the OpenSSL library that
+ it was compiled against, and that it is using at runtime, and also
+ the OPENSSL_DIR and OPENSSL_ENGINES_DIR (if available).
 # KNOWN BUGS AND WORKAROUNDS
 (This section floats upwards through the NEWS file so it stays with the
diff --git a/fetchmail.c b/fetchmail.c
index e6ceb71a..9644aea0 100644
--- a/fetchmail.c
+++ b/fetchmail.c
@@ -56,6 +56,8 @@
 #ifdef SSL_ENABLE
 #include /* for OPENSSL_NO_SSL2 and ..._SSL3 checks */
+#include /* for version queries */
+#include "tls-aux.h" /* compatibility and helper functions */
 #endif
 /* prototypes for internal functions */
@@ -304,6 +306,13 @@ int main(int argc, char **argv)
 printf(GT_("This is fetchmail release %s"), VERSION);
 fputs(features, stdout);
 #ifdef SSL_ENABLE
+ printf(GT_("Compiled with SSL library %#lx \"%s\"\n"
+ "Run-time uses SSL library %#lx \"%s\"\n"),
+ OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
+ OpenSSL_version_num(), OpenSSL_version(OPENSSL_VERSION));
+ printf(GT_("OpenSSL: %s\nEngines: %s\n"),
+ OpenSSL_version(OPENSSL_DIR),
+ OpenSSL_version(OPENSSL_ENGINES_DIR));
 #if !HAVE_DECL_TLS1_3_VERSION || defined(OPENSSL_NO_TLS1_3)
 printf(GT_("WARNING: Your SSL/TLS library does not support TLS v1.3.\n"));
 #endif
diff --git a/socket.c b/socket.c
index 49af2235..62fd43d2 100644
--- a/socket.c
+++ b/socket.c
@@ -10,6 +10,7 @@
 #include "config.h"
 #include "fetchmail.h"
+#include "tls-aux.h"
 #include
 #include
@@ -902,8 +903,8 @@ static const char *SSLCertGetCN(const char *mycert,
 return ret;
 }
-#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x1010000fL
-/* OSSL_proto_version_logic for OpenSSL 1.0.x and LibreSSL */
+#if !defined(OSSL110_API)
+/* ===== implementation for OpenSSL 1.0.X and LibreSSL ===== */
 static int OSSL10X_proto_version_logic(int sock, const char **myproto, int *avoid_ssl_versions)
 {
 if (!*myproto) {
@@ -971,10 +972,8 @@ static int OSSL10X_proto_version_logic(int sock, const char **myproto, int *avoi
 return 0;
 }
 #define OSSL_proto_version_logic(a,b,c) OSSL10X_proto_version_logic((a),(b),(c))
-#undef OSSL110_API
 #else
-/* implementation for OpenSSL 1.1.0 */
-#define OSSL110_API 1
+/* ===== implementation for OpenSSL 1.1.0 ===== */
 static int OSSL110_proto_version_logic(int sock, const char **myproto, int *avoid_ssl_versions)
 {
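Review bot: In the fetchmail.c --version block, the compiled and run-time version numbers are printed but never compared, and the check that refuses a run-time library older than the headers lives in SSLOpen() in socket.c, which this output path presumably never reaches. Adding `if (OpenSSL_version_num() < OPENSSL_VERSION_NUMBER) printf(GT_("WARNING: run-time SSL library is older than the headers fetchmail was built with.\n"));` after the second printf would put the mismatch in front of whoever is reading the diagnostic. `%#lx` takes an unsigned long, while OPENSSL_VERSION_NUMBER is a signed long constant in the OpenSSL 1.x headers, so a `(unsigned long)` cast on both numeric arguments keeps the call clean under -Wformat-signedness. main() begins and ends outside the hunk.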
@@ -1072,10 +1071,8 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 SSL_load_error_strings();
 SSL_library_init();
 OpenSSL_add_all_algorithms(); /* see Debian Bug#576430 and manpage */
- ver = SSLeay();
-#else
- ver = OpenSSL_version_num();
 #endif
+ ver = OpenSSL_version_num(); /* version switch through tls-aux.h */
 if (ver < OPENSSL_VERSION_NUMBER) {
 report(stderr, GT_("Loaded OpenSSL library %#lx older than headers %#lx, refusing to work.\n"), (long)ver, (long)(OPENSSL_VERSION_NUMBER));
diff --git a/tls-aux.h b/tls-aux.h
new file mode 100644
index 00000000..696020a3
--- /dev/null
+++ b/tls-aux.h
@@ -0,0 +1,25 @@
+#ifndef TLS_AUX_H
+#define TLS_AUX_H 1
+
+#include "config.h"
+#include "fetchmail.h"
+
+
+#ifdef SSL_ENABLE
+#include
+
+# if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x1010000fL
+# undef OSSL110_API
+# else
+# define OSSL110_API 1
+# endif
+# if OPENSSL_VERSION_NUMBER < 0x1010000fL
+# define OpenSSL_version(t) SSLeay_version((t))
+# define OpenSSL_version_num() SSLeay()
+# define OPENSSL_VERSION (SSLEAY_VERSION)
+# define OPENSSL_DIR (SSLEAY_DIR)
+# define OPENSSL_ENGINES_DIR (-1)
+# endif
+#endif /* SSL_ENABLE */
+
+#endif /* TLS_AUX_H */
-- cgit v1.2.3
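Review bot: `ver = OpenSSL_version_num();` in SSLOpen() is now unconditional, but the shim that maps it to SSLeay() in tls-aux.h is keyed only on `OPENSSL_VERSION_NUMBER < 0x1010000fL`, whereas OSSL110_API in the same header also tests LIBRESSL_VERSION_NUMBER. A LibreSSL build whose headers report a number at or above 0x1010000fL therefore gets no shim and must provide OpenSSL_version_num(), OpenSSL_version(), OPENSSL_DIR and OPENSSL_ENGINES_DIR itself; the removed `ver = SSLeay();` branch looks like it covered that case, though its opening #if is outside the hunk. If LibreSSL releases without that API are still supported, the shim condition needs a LibreSSL version test as well; otherwise a comment such as `/* LibreSSL is expected to provide the OpenSSL_version*() API natively */` above the second `# if` would record the assumption. The same applies to the new --version output in fetchmail.c.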
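Review bot: `# define OPENSSL_ENGINES_DIR (-1)` in tls-aux.h carries no comment, and -1 reads like a mistake next to the SSLEAY_* constants on the neighbouring lines. It presumably relies on SSLeay_version() returning a placeholder string for a type it does not know, which is what lets fetchmail --version still print an "Engines:" line on pre-1.1.0 libraries; a comment such as `/* no SSLeay equivalent: an unknown type makes SSLeay_version() return its "not available" placeholder */` would make that explicit.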