Windows specific compile time test for:

2089.   [security]      Raise the minimum safe OpenSSL versions to
                        OpenSSL 0.9.7l and OpenSSL 0.9.8d.  Versions
                        prior to these have known security flaws which
                        are (potentially) exploitable in named. [RT #16391]

diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index a4d0e938447d545882c8ec8af4a9ca1e8497745a..119576e962a7010a977b2cd4839e9e571e2bf0c1 100644 (file)
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -17,7 +17,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: opensslrsa_link.c,v 1.1.4.1.10.3 2006/10/10 02:22:54 marka Exp $
+ * $Id: opensslrsa_link.c,v 1.1.4.1.10.4 2006/10/11 02:26:17 marka Exp $
  */
 #ifdef OPENSSL
 
@@ -43,6 +43,19 @@
 #include <openssl/bn.h>
 #endif
 
+/*
+ * We don't use configure for windows so enforce the OpenSSL version
+ * here.  Unlike with configure we don't support overriding this test.
+ */
+#ifdef WIN
+#if !((OPENSSL_VERSION_NUMBER >= 0x009070cfL && \
+       OPENSSL_VERSION_NUMBER < 0x009080000L) || \
+      OPENSSL_VERSION_NUMBER >= 0x0090804fL) 
+#error Please upgrade OpenSSL to 0.9.8d/0.9.7l or greater.
+#endif
+#endif
+
+
        /*
         * XXXMPA  Temporarially disable RSA_BLINDING as it requires
         * good quality random data that cannot currently be guarenteed.