Log a notice if we're running with OpenSSL before 1.0.0.

These versions have some dubious, slow crypto implementations; 1.0.0
is a great improvement, and at this point is pretty mature.

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 6c6bf148933d112ddd0ce006e9988ad713023786..979ff3cfa62b46c36b0900d3f54e95d21589fa7b 100644 (file)
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -243,6 +243,11 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
                SSLeay(), SSLeay_version(SSLEAY_VERSION));
     }
 
+    if (SSLeay() < OPENSSL_V_SERIES(1,0,0)) {
+      log_notice(LD_CRYPTO, "Your OpenSSL version seems to be %s. We "
+                 "recommend 1.0.0 or later.", crypto_openssl_get_version_str());
+    }
+
     if (useAccel > 0) {
 #ifdef DISABLE_ENGINES
       (void)accelName;