From b50cd6585280a5038b70812f4a0ecc5d6f5e407a Mon Sep 17 00:00:00 2001 From: Jeremy Browne Date: Thu, 13 Aug 2015 00:09:17 -0700 Subject: [PATCH] Fix OpenSSL version check issues Bring the relevant bits of 3eb1025dc6ac back to v2.x.x branch --- src/main/version.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/main/version.c b/src/main/version.c index c113467681..b9ee25e002 100644 --- a/src/main/version.c +++ b/src/main/version.c @@ -53,7 +53,7 @@ const char *ssl_version() /** Check built and linked versions of OpenSSL match * * OpenSSL version number consists of: - * MMNNFFPPS: major minor fix patch status + * MNNFFPPS: major minor fix patch status * * Where status >= 0 && < 10 means beta, and status 10 means release. * @@ -72,7 +72,7 @@ int ssl_check_version(int allow_vulnerable) /* * Status mismatch always triggers error. */ - if ((ssl_linked & 0x00000000f) != (ssl_built & 0x00000000f)) { + if ((ssl_linked & 0x0000000f) != (ssl_built & 0x0000000f)) { mismatch: radlog(L_ERR, "libssl version mismatch. built: %lx linked: %lx", (unsigned long) ssl_built, (unsigned long) ssl_linked); @@ -85,14 +85,14 @@ int ssl_check_version(int allow_vulnerable) * 1.0.0 and only allow moving backwards within a patch * series. */ - if (ssl_built & 0xff) { - if ((ssl_built & 0xffff) != (ssl_linked & 0xffff) || - (ssl_built & 0x0000ff) > (ssl_linked & 0x0000ff)) goto mismatch; + if (ssl_built & 0xf0000000) { + if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000) || + (ssl_built & 0x00000ff0) > (ssl_linked & 0x00000ff0)) goto mismatch; /* * Before 1.0.0 we require the same major minor and fix version * and ignore the patch number. */ - } else if ((ssl_built & 0xffffff) != (ssl_linked & 0xffffff)) goto mismatch; + } else if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000)) goto mismatch; if (!allow_vulnerable) { /* Check for bad versions */ -- 2.47.2