From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 12 Sep 2012 23:31:24 +0000 (-0400)
Subject: Log a notice if we're running with OpenSSL before 1.0.0.
X-Git-Tag: tor-0.2.4.4-alpha~41^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=be68c1fb43a34c61c7a589faec1b3cbaf4ced07f;p=thirdparty%2Ftor.git

Log a notice if we're running with OpenSSL before 1.0.0.

These versions have some dubious, slow crypto implementations; 1.0.0
is a great improvement, and at this point is pretty mature.
---

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 6c6bf14893..979ff3cfa6 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -243,6 +243,11 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
                SSLeay(), SSLeay_version(SSLEAY_VERSION));
     }
 
+    if (SSLeay() < OPENSSL_V_SERIES(1,0,0)) {
+      log_notice(LD_CRYPTO, "Your OpenSSL version seems to be %s. We "
+                 "recommend 1.0.0 or later.", crypto_openssl_get_version_str());
+    }
+
     if (useAccel > 0) {
 #ifdef DISABLE_ENGINES
       (void)accelName;