From: Mark Andrews Date: Wed, 11 Oct 2006 02:26:17 +0000 (+0000) Subject: Windows specific compile time test for: X-Git-Tag: v9.3.2-P2~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1591b2c19906bda28de5c5cea9d6ca6cd308726a;p=thirdparty%2Fbind9.git Windows specific compile time test for: 2089. [security] Raise the minimum safe OpenSSL versions to OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions prior to these have known security flaws which are (potentially) exploitable in named. [RT #16391] --- diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c index a4d0e938447..119576e962a 100644 --- a/lib/dns/opensslrsa_link.c +++ b/lib/dns/opensslrsa_link.c @@ -17,7 +17,7 @@ /* * Principal Author: Brian Wellington - * $Id: opensslrsa_link.c,v 1.1.4.1.10.3 2006/10/10 02:22:54 marka Exp $ + * $Id: opensslrsa_link.c,v 1.1.4.1.10.4 2006/10/11 02:26:17 marka Exp $ */ #ifdef OPENSSL @@ -43,6 +43,19 @@ #include #endif +/* + * We don't use configure for windows so enforce the OpenSSL version + * here. Unlike with configure we don't support overriding this test. + */ +#ifdef WIN +#if !((OPENSSL_VERSION_NUMBER >= 0x009070cfL && \ + OPENSSL_VERSION_NUMBER < 0x009080000L) || \ + OPENSSL_VERSION_NUMBER >= 0x0090804fL) +#error Please upgrade OpenSSL to 0.9.8d/0.9.7l or greater. +#endif +#endif + + /* * XXXMPA Temporarially disable RSA_BLINDING as it requires * good quality random data that cannot currently be guarenteed.