Windows specific compile time test for:

2089.   [security]      Raise the minimum safe OpenSSL versions to
                        OpenSSL 0.9.7l and OpenSSL 0.9.8d.  Versions
                        prior to these have known security flaws which
                        are (potentially) exploitable in named. [RT #16391]

diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index 81d0ccce5ab141dd669a94a337a7930846b0d6bf..438be8417926462be4a94aa2895973d74929d91d 100644 (file)
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -17,7 +17,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: opensslrsa_link.c,v 1.1.2.6 2006/10/10 02:27:47 marka Exp $
+ * $Id: opensslrsa_link.c,v 1.1.2.7 2006/10/11 02:23:49 marka Exp $
  */
 #ifdef OPENSSL
 
@@ -42,6 +42,18 @@
 #include <openssl/bn.h>
 #endif
 
+/*
+ * We don't use configure for windows so enforce the OpenSSL version
+ * here.  Unlike with configure we don't support overriding this test.
+ */
+#ifdef WIN
+#if !((OPENSSL_VERSION_NUMBER >= 0x009070cfL && \
+       OPENSSL_VERSION_NUMBER < 0x009080000L) || \
+      OPENSSL_VERSION_NUMBER >= 0x0090804fL) 
+#error Please upgrade OpenSSL to 0.9.8d/0.9.7l or greater.
+#endif
+#endif
+
 static isc_result_t opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data);
 
 static isc_result_t