Add SSL library version reporting.

Print the version of the SSL and LZO library (if any) used.

SSL library version is also sent as IV_SSL=<version> to the server if
--push-peer-info is enabled.

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20140416152456.GI16637@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8537
(cherry picked from commit 1ec984b154aa3247ef58c9d44e7e477880b632b1)

diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c
index 5125eae9267b44457118abbfd2f10341df5567a8..fd87fc16f1708e7ab7616d6bbdfe44de843e2609 100644 (file)
--- a/src/openvpn/openvpn.c
+++ b/src/openvpn/openvpn.c
@@ -220,6 +220,7 @@ openvpn_main (int argc, char *argv[])
 
          /* print version number */
          msg (M_INFO, "%s", title_string);
+         show_library_versions(M_INFO);
 
          /* misc stuff */
          pre_setup (&c.options);

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 7741dbf8473283476cfb7bdbcea7f18bc5bd7d33..dcdc20019e50deb6ebe0c2074aa7ebad40bc0531 100644 (file)
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3436,10 +3436,28 @@ usage_small (void)
   openvpn_exit (OPENVPN_EXIT_STATUS_USAGE); /* exit point */
 }
 
+void
+show_library_versions(const unsigned int flags)
+{
+  msg (flags, "library versions: %s%s%s",
+#ifdef ENABLE_SSL
+                       get_ssl_library_version(),
+#else
+                       "",
+#endif
+#ifdef ENABLE_LZO
+                       ", LZO ", lzo_version_string()
+#else
+                       "", ""
+#endif
+       );
+}
+
 static void
 usage_version (void)
 {
   msg (M_INFO|M_NOPREFIX, "%s", title_string);
+  show_library_versions( M_INFO|M_NOPREFIX );
   msg (M_INFO|M_NOPREFIX, "Originally developed by James Yonan");
   msg (M_INFO|M_NOPREFIX, "Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>");
 #ifndef ENABLE_SMALL

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 800fcba32167c78a4194e6c0df70ecf454b9889c..93d81e281c1e373134305009c715ac5dab4920a6 100644 (file)
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1836,6 +1836,7 @@ push_peer_info(struct buffer *buf, struct tls_session *session)
          get_default_gateway (&rgi);
          if (rgi.flags & RGI_HWADDR_DEFINED)
            buf_printf (&out, "IV_HWADDR=%s\n", format_hex_ex (rgi.hwaddr, 6, 0, 1, ":", &gc));
+         buf_printf (&out, "IV_SSL=%s\n", get_ssl_library_version() );
         }
 
       /* push env vars that begin with UV_ and IV_GUI_VER */

diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h
index 54383feb9cac44cb2001613a952b20f6f50b19ea..9777242df6c825481342570071ab900c0a4356ef 100644 (file)
--- a/src/openvpn/ssl_backend.h
+++ b/src/openvpn/ssl_backend.h
@@ -465,4 +465,10 @@ void show_available_tls_ciphers (const char *tls_ciphers);
  */
 void get_highest_preference_tls_cipher (char *buf, int size);
 
+/**
+ * return a pointer to a static memory area containing the
+ * name and version number of the SSL library in use
+ */
+char * get_ssl_library_version(void);
+
 #endif /* SSL_BACKEND_H_ */

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 5689e7caaeabfd21591f648023ed55c4aacceb15..08e35925fdb4e4e212c34946cbea44c24f9c3da0 100644 (file)
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -1345,4 +1345,10 @@ get_highest_preference_tls_cipher (char *buf, int size)
   SSL_CTX_free (ctx);
 }
 
+char *
+get_ssl_library_version(void)
+{
+    return SSLeay_version(SSLEAY_VERSION);
+}
+
 #endif /* defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_OPENSSL) */

diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c
index 551c352beaa6b7d4bdc440cb09fbea015e01e66e..6334783d14722317f674dd231fb171492713842a 100644 (file)
--- a/src/openvpn/ssl_polarssl.c
+++ b/src/openvpn/ssl_polarssl.c
@@ -1068,4 +1068,14 @@ get_highest_preference_tls_cipher (char *buf, int size)
   strncpynt (buf, cipher_name, size);
 }
 
+char *
+get_ssl_library_version(void)
+{
+    static char polar_version[30];
+    unsigned int pv = version_get_number();
+    sprintf( polar_version, "PolarSSL %d.%d.%d",
+               (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff );
+    return polar_version;
+}
+
 #endif /* defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_POLARSSL) */