diff --git a/configure b/configure index 669e7af11b..ab7718d825 100755 --- a/configure +++ b/configure @@ -1008,7 +1008,6 @@ with_gost with_eddsa with_aes with_cc_alg -enable_openssl_version_check enable_openssl_hash enable_crypto_rand with_lmdb @@ -1700,8 +1699,6 @@ Optional Features: --enable-devpoll use /dev/poll when available [default=yes] --enable-threads enable multithreading --enable-native-pkcs11 use native PKCS11 for all crypto [default=no] - --enable-openssl-version-check - check OpenSSL version [default=yes] --enable-openssl-hash use OpenSSL for hash functions [default=yes] --enable-crypto-rand use the crypto provider for random [default=yes] --enable-largefile 64-bit file support @@ -16511,62 +16508,6 @@ fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext -# Check whether --enable-openssl-version-check was given. -if test "${enable_openssl_version_check+set}" = set; then : - enableval=$enable_openssl_version_check; -fi - -case "$enable_openssl_version_check" in -yes|'') - { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL library version" >&5 -$as_echo_n "checking OpenSSL library version... " >&6; } - if test "$cross_compiling" = yes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: assuming target platform has compatible version" >&5 -$as_echo "assuming target platform has compatible version" >&6; } -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include -#include -int main() { - if ((OPENSSL_VERSION_NUMBER >= 0x009070cfL && - OPENSSL_VERSION_NUMBER < 0x00908000L) || - (OPENSSL_VERSION_NUMBER >= 0x0090804fL && - OPENSSL_VERSION_NUMBER < 0x10002000L) || - OPENSSL_VERSION_NUMBER >= 0x1000205fL) - return (0); - printf("\n\nFound OPENSSL_VERSION_NUMBER %#010lx\n", - OPENSSL_VERSION_NUMBER); - printf("Require OPENSSL_VERSION_NUMBER 0x009070cf or greater (0.9.7l)\n" - "Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n" - "Require OPENSSL_VERSION_NUMBER 0x1000000f or greater (1.0.0)\n" - "Require OPENSSL_VERSION_NUMBER 0x1000100f or greater (1.0.1)\n" - "Require OPENSSL_VERSION_NUMBER 0x1000205f or greater (1.0.2e)\n\n"); - return (1); -} - -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 -$as_echo "ok" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: not compatible" >&5 -$as_echo "not compatible" >&6; } - OPENSSL_WARNING=yes - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -;; -no) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Skipped OpenSSL version check" >&5 -$as_echo "Skipped OpenSSL version check" >&6; } -;; -esac - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL FIPS mode support" >&5 $as_echo_n "checking for OpenSSL FIPS mode support... " >&6; } have_fips_mode="" @@ -26680,31 +26621,6 @@ not have DNSSEC support. Use --with-openssl, or --with-pkcs11 and EOF fi -if test "X$OPENSSL_WARNING" != "X"; then -cat << \EOF -WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -WARNING WARNING -WARNING Your OpenSSL crypto library may be vulnerable to WARNING -WARNING one or more of the the following known security WARNING -WARNING flaws: WARNING -WARNING WARNING -WARNING CAN-2002-0659, CAN-2006-4339, CVE-2006-2937, WARNING -WARNING CVE-2006-2940 and CVE-2015-3193. WARNING -WARNING WARNING -WARNING It is recommended that you upgrade to OpenSSL WARNING -WARNING version 1.0.2e/1.0.1/1.0.0/0.9.9/0.9.8d/0.9.7l WARNING -WARNING (or greater). WARNING -WARNING WARNING -WARNING You can disable this warning by specifying: WARNING -WARNING WARNING -WARNING --disable-openssl-version-check WARNING -WARNING WARNING -WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -EOF -fi - # Tell Emacs to edit this file in shell mode. # Local Variables: # mode: sh diff --git a/configure.in b/configure.in index 6cc42b59e8..29b647f7c4 100644 --- a/configure.in +++ b/configure.in @@ -1688,43 +1688,6 @@ DSO_METHOD_dlfcn(); ], [AC_MSG_RESULT(assuming it does work on target platform)] ) - -AC_ARG_ENABLE(openssl-version-check, - [AS_HELP_STRING([--enable-openssl-version-check], - [check OpenSSL version @<:@default=yes@:>@])]) -case "$enable_openssl_version_check" in -yes|'') - AC_MSG_CHECKING(OpenSSL library version) - AC_TRY_RUN([ -#include -#include -int main() { - if ((OPENSSL_VERSION_NUMBER >= 0x009070cfL && - OPENSSL_VERSION_NUMBER < 0x00908000L) || - (OPENSSL_VERSION_NUMBER >= 0x0090804fL && - OPENSSL_VERSION_NUMBER < 0x10002000L) || - OPENSSL_VERSION_NUMBER >= 0x1000205fL) - return (0); - printf("\n\nFound OPENSSL_VERSION_NUMBER %#010lx\n", - OPENSSL_VERSION_NUMBER); - printf("Require OPENSSL_VERSION_NUMBER 0x009070cf or greater (0.9.7l)\n" - "Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n" - "Require OPENSSL_VERSION_NUMBER 0x1000000f or greater (1.0.0)\n" - "Require OPENSSL_VERSION_NUMBER 0x1000100f or greater (1.0.1)\n" - "Require OPENSSL_VERSION_NUMBER 0x1000205f or greater (1.0.2e)\n\n"); - return (1); -} - ], - [AC_MSG_RESULT(ok)], - [AC_MSG_RESULT(not compatible) - OPENSSL_WARNING=yes - ], - [AC_MSG_RESULT(assuming target platform has compatible version)]) -;; -no) - AC_MSG_RESULT(Skipped OpenSSL version check) -;; -esac AC_MSG_CHECKING(for OpenSSL FIPS mode support) have_fips_mode="" @@ -5557,31 +5520,6 @@ not have DNSSEC support. Use --with-openssl, or --with-pkcs11 and EOF fi -if test "X$OPENSSL_WARNING" != "X"; then -cat << \EOF -WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -WARNING WARNING -WARNING Your OpenSSL crypto library may be vulnerable to WARNING -WARNING one or more of the the following known security WARNING -WARNING flaws: WARNING -WARNING WARNING -WARNING CAN-2002-0659, CAN-2006-4339, CVE-2006-2937, WARNING -WARNING CVE-2006-2940 and CVE-2015-3193. WARNING -WARNING WARNING -WARNING It is recommended that you upgrade to OpenSSL WARNING -WARNING version 1.0.2e/1.0.1/1.0.0/0.9.9/0.9.8d/0.9.7l WARNING -WARNING (or greater). WARNING -WARNING WARNING -WARNING You can disable this warning by specifying: WARNING -WARNING WARNING -WARNING --disable-openssl-version-check WARNING -WARNING WARNING -WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING -EOF -fi - # Tell Emacs to edit this file in shell mode. # Local Variables: # mode: sh