2 * version.c Print version number and exit.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 1999-2008 The FreeRADIUS server project
21 * Copyright 2000 Alan DeKok <aland@ox.org>
22 * Copyright 2000 Chris Parker <cparker@starnetusa.com>
25 #include <freeradius-devel/ident.h>
28 #include <freeradius-devel/radiusd.h>
31 #ifdef HAVE_OPENSSL_CRYPTO_H
32 #include <openssl/crypto.h>
33 #include <openssl/opensslv.h>
35 static long ssl_built = OPENSSL_VERSION_NUMBER;
37 /** Print the current linked version of Openssl
39 * Print the currently linked version of the OpenSSL library.
41 const char *ssl_version(void)
43 return SSLeay_version(SSLEAY_VERSION);
46 const char *ssl_version()
53 /** Check built and linked versions of OpenSSL match
55 * OpenSSL version number consists of:
56 * MMNNFFPPS: major minor fix patch status
58 * Where status >= 0 && < 10 means beta, and status 10 means release.
60 * Startup check for whether the linked version of OpenSSL matches the
61 * version the server was built against.
63 * @return 0 if ok, else -1
65 #if defined(HAVE_OPENSSL_CRYPTO_H) && defined(ENABLE_OPENSSL_VERSION_CHECK)
66 int ssl_check_version(int allow_vulnerable)
71 * Initialize the library before calling any library
75 SSL_load_error_strings();
77 ssl_linked = SSLeay();
80 * Status mismatch always triggers error.
82 if ((ssl_linked & 0x00000000f) != (ssl_built & 0x00000000f)) {
84 radlog(L_ERR, "libssl version mismatch. built: %lx linked: %lx",
85 (unsigned long) ssl_built, (unsigned long) ssl_linked);
91 * Use the OpenSSH approach and relax fix checks after version
92 * 1.0.0 and only allow moving backwards within a patch
95 if (ssl_built & 0xff) {
96 if ((ssl_built & 0xffff) != (ssl_linked & 0xffff) ||
97 (ssl_built & 0x0000ff) > (ssl_linked & 0x0000ff)) goto mismatch;
99 * Before 1.0.0 we require the same major minor and fix version
100 * and ignore the patch number.
102 } else if ((ssl_built & 0xffffff) != (ssl_linked & 0xffffff)) goto mismatch;
104 if (!allow_vulnerable) {
105 /* Check for bad versions */
106 /* 1.0.1 - 1.0.1f CVE-2014-0160 http://heartbleed.com */
107 if ((ssl_linked >= 0x010001000) && (ssl_linked < 0x010001070)) {
108 radlog(L_ERR, "Refusing to start with libssl version %s (in range 1.0.1 - 1.0.1f). "
109 "Security advisory CVE-2014-0160 (Heartbleed)", ssl_version());
110 radlog(L_ERR, "For more information see http://heartbleed.com");
121 * Display the revision number for this program
126 radlog(L_INFO, "%s: %s", progname, radiusd_version);
127 DEBUG3("Server was built with: ");
129 #ifdef WITH_ACCOUNTING
130 DEBUG3(" accounting");
132 DEBUG3(" authentication"); /* always enabled */
133 /* here are all the conditional feature flags */
134 #if defined(WITH_DHCP)
135 DEBUG3(" WITH_DHCP");
137 #if defined(WITH_VMPS)
138 DEBUG3(" WITH_VMPS");
143 #if defined(WITHOUT_PROXY)
144 DEBUG3(" WITHOUT_PROXY");
146 #if defined(WITHOUT_DETAIL)
147 DEBUG3(" WITHOUT_DETAIL");
149 #if defined(WITHOUT_SESSION_MGMT)
150 DEBUG3(" WITHOUT_SESSION_MGMT");
152 #if defined(WITHOUT_UNLANG)
153 DEBUG3(" WITHOUT_UNLANG");
155 #if defined(WITHOUT_ACCOUNTING)
156 DEBUG3(" WITHOUT_ACCOUNTING");
158 #if defined(WITHOUT_DYNAMIC_CLIENTS)
159 DEBUG3(" WITHOUT_DYNAMIC_CLIENTS");
161 #if defined(WITHOUT_STATS)
162 DEBUG3(" WITHOUT_STATS");
164 #if defined(WITHOUT_COMMAND_SOCKET)
165 DEBUG3(" WITHOUT_COMMAND_SOCKET");
167 #if defined(WITHOUT_COA)
168 DEBUG3(" WITHOUT_COA");
170 DEBUG3("Server core libs:");
171 DEBUG3(" ssl: %s", ssl_version());
173 radlog(L_INFO, "Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.");
174 radlog(L_INFO, "There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A");
175 radlog(L_INFO, "PARTICULAR PURPOSE.");
176 radlog(L_INFO, "You may redistribute copies of FreeRADIUS under the terms of the");
177 radlog(L_INFO, "GNU General Public License.");
178 radlog(L_INFO, "For more information about these matters, see the file named COPYRIGHT.");