Detect openssl header version doesn't match runtime version

We already do this for libevent; let's do it for openssl too.

For now, I'm making it always a warn, since this has caused some
problems in the past.  Later, we can see about making it less severe.

diff --git a/changes/detect_openssl_mismatch b/changes/detect_openssl_mismatch
new file mode 100644 (file)
index 0000000..62f0a9d
--- /dev/null
+++ b/changes/detect_openssl_mismatch
@@ -0,0 +1,4 @@
+  o Minor features:
+    - Detect when we're running with a version of OpenSSL other than the
+      one we compiled with. This has occasionally given people hard-to-
+      track-down errors.

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 77f94ba8079b666c3e24f2f8aee5d803d8ed8436..7768cc37b108e4b35360f698abf3e9dbacfdab13 100644 (file)
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -255,6 +255,19 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
     OpenSSL_add_all_algorithms();
     _crypto_global_initialized = 1;
     setup_openssl_threading();
+
+    if (SSLeay() == OPENSSL_VERSION_NUMBER &&
+        !strcmp(SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_TEXT)) {
+      log_info(LD_CRYPTO, "OpenSSL version matches version from headers "
+                 "(%lx: %s).", SSLeay(), SSLeay_version(SSLEAY_VERSION));
+    } else {
+      log_warn(LD_CRYPTO, "OpenSSL version from headers does not match the "
+               "version we're running with. If you get weird crashes, that "
+               "might be why. (Compiled with %lx: %s; running with %lx: %s).",
+               (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
+               SSLeay(), SSLeay_version(SSLEAY_VERSION));
+    }
+
     if (useAccel > 0) {
 #ifdef DISABLE_ENGINES
       (void)accelName;