Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 19 Jul 2012 17:36:14 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: RFC: add more information to --list=build-info output?

On 07/19/2012 04:59 PM, jfoug wrote:
>>> Add:
>>> OpenSSL version, and bit size (if that can be found).
>>
>> Do we link OpenSSL dynamically? In that case, I'd consider that run time
>> info instead of build-info.
>> This would justify a --list=run-time-info.
>>
>> I'll have to check what happens if I print OPENSSL_VERSION_NUMBER, and
>> copy the binary that has been built on one machine to another one.
> 
> The OPENSSL_VERSION_NUMBER is a compile time thing.  There likely is some
> way to get the version of the runtime instance also.

OK, I've found something

man OPENSSL_VERSION_NUMBER works :)

OPENSSL_VERSION_NUMBER(3)                          OpenSSL
           OPENSSL_VERSION_NUMBER(3)

NAME
       OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version - get OpenSSL
version number

SYNOPSIS
        #include <openssl/opensslv.h>
        #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL

        #include <openssl/crypto.h>
        long SSLeay(void);
        const char *SSLeay_version(int t);

...

So, OPENSSL_VERSION_NUMBER contains the compile time string of the
binary, but  SSLeay() should return the library version number.
So, we could print the OPENSSL_VERSION_NUMBER, and print a warning if
OpenSSL is missing, or if the version number differs (or would we warn
only if the library version is smaller than the compile time version?

> This WOULD be a good check, if they do not match, list this as a warning.
> Even though this would be a run-time check, I think it would be beneficial
> to have the run-time version listed on the -list=build-info, IF that version
> did not match what this image was built with.

Sounds reasonable.

Nevertheless, a --list=run-time-info can be useful.
Various library versions, CPU info, OS and version, available memory,
locale setting (LANG=en_US.UTF-8 / LC_ALL=C) ...

Frank

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ