From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 28 Apr 2025 15:32:21 +0000 (-0400)
Subject: Warn when OpenSSL is older than 3.0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9fd45dc3de0293595db63db0de3ff349527b9cb5;p=thirdparty%2Ftor.git

Warn when OpenSSL is older than 3.0

Running with an unsupported version of openssl is not IMO
a very good idea.
---

diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.c b/src/lib/crypt_ops/crypto_openssl_mgt.c
index 1726e92489..e008c0648b 100644
--- a/src/lib/crypt_ops/crypto_openssl_mgt.c
+++ b/src/lib/crypt_ops/crypto_openssl_mgt.c
@@ -301,6 +301,14 @@ int
 crypto_openssl_late_init(int useAccel, const char *accelName,
                          const char *accelDir)
 {
+  if (tor_OpenSSL_version_num() < OPENSSL_V_SERIES(3,0,0)) {
+    log_warn(LD_CRYPTO, "Running with OpenSSL version \"%s\", "
+             "which is no longer maintained by the OpenSSL project. "
+             "We recommend that you upgrade to OpenSSL 3.0 or later. "
+             "OpenSSL >=3.5 would be ideal.",
+             OPENSSL_VERSION_TEXT);
+  }
+
   if (useAccel > 0) {
     if (crypto_openssl_init_engines(accelName, accelDir) < 0)
       return -1;