From: Mark Andrews <marka@isc.org>
Date: Thu, 19 Oct 2006 01:09:31 +0000 (+0000)
Subject: make openssl version check a warning
X-Git-Tag: v9.3.3rc3~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=73c3dc560e721370bbc5ab9c507af0aca489985a;p=thirdparty%2Fbind9.git

make openssl version check a warning
---

diff --git a/configure.in b/configure.in
index a783f4e4993..5f2bbaa307b 100644
--- a/configure.in
+++ b/configure.in
@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
 esyscmd([sed "s/^/# /" COPYRIGHT])dnl
 AC_DIVERT_POP()dnl
 
-AC_REVISION($Revision: 1.294.2.23.2.69 $)
+AC_REVISION($Revision: 1.294.2.23.2.70 $)
 
 AC_INIT(lib/dns/name.c)
 AC_PREREQ(2.13)
@@ -357,6 +357,7 @@ AC_C_BIGENDIAN
 #
 # was --with-openssl specified?
 #
+OPENSSL_WARNING=
 AC_MSG_CHECKING(for OpenSSL library)
 AC_ARG_WITH(openssl,
 [  --with-openssl[=PATH]   Build with OpenSSL [yes|no|path].
@@ -495,15 +496,11 @@ int main() {
 	       "Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n\n");
         return (1);
 }
-],
+		],
 	        [AC_MSG_RESULT(ok)],
 		[AC_MSG_RESULT(not compatible)
-		 AC_MSG_ERROR(
-[you need OpenSSL 0.9.7l/0.9.8d (or newer) for:
-CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940
-to skip this test specify: --disable-openssl-version-check]
-)
-],
+                 OPENSSL_WARNING=yes
+		],
 		[AC_MSG_RESULT(assuming target platform has compatible version)])
 ;;
 no)
@@ -2176,6 +2173,30 @@ AC_OUTPUT(
 )
 chmod a+x isc-config.sh
 
+if test "X$OPENSSL_WARNING" != "X"; then
+cat << \EOF
+WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+WARNING                                                                 WARNING
+WARNING         Your OpenSSL crypto library may be vulnerable to        WARNING
+WARNING         one or more of the the following known security         WARNING
+WARNING         flaws:                                                  WARNING
+WARNING                                                                 WARNING
+WARNING         CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 and         WARNING
+WARNING         CVE-2006-2940.                                          WARNING
+WARNING                                                                 WARNING
+WARNING         It is recommended that you upgrade to OpenSSL           WARNING
+WARNING         version 0.9.8d/0.9.7l (or greater).                     WARNING
+WARNING                                                                 WARNING
+WARNING         You can disable this warning by specifying:             WARNING
+WARNING                                                                 WARNING
+WARNING               --disable-openssl-version-check          	        WARNING
+WARNING                                                                 WARNING
+WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+EOF
+fi
+
 # Tell Emacs to edit this file in shell mode.
 # Local Variables:
 # mode: sh