ENABLE_OPENSSL_VERSION_CHECK was intended to be used to disable checks for vulnerable...

diff --git a/src/main/radiusd.c b/src/main/radiusd.c
index f29c928..6cd9654 100644 (file)
--- a/src/main/radiusd.c
+++ b/src/main/radiusd.c
@@ -293,12 +293,10 @@ int main(int argc, char *argv[])
         *      Mismatch between build time OpenSSL and linked SSL,
         *      better to die here than segfault later.
         */
-#ifdef ENABLE_OPENSSL_VERSION_CHECK
        if (ssl_check_version(mainconfig.allow_vulnerable_openssl) < 0) {
                exit(1);
        }
 #endif
-#endif
 
        /*  Load the modules AFTER doing SSL checks */
        if (setup_modules(FALSE, mainconfig.config) < 0) {

diff --git a/src/main/version.c b/src/main/version.c
index b9ee25e..760a1bf 100644 (file)
--- a/src/main/version.c
+++ b/src/main/version.c
@@ -62,7 +62,7 @@ const char *ssl_version()
  *
  * @return 0 if ok, else -1
  */
-#if defined(HAVE_OPENSSL_CRYPTO_H) && defined(ENABLE_OPENSSL_VERSION_CHECK)
+#ifdef HAVE_OPENSSL_CRYPTO_H
 int ssl_check_version(int allow_vulnerable)
 {
        long ssl_linked;
@@ -94,6 +94,7 @@ int ssl_check_version(int allow_vulnerable)
         */
        } else if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000)) goto mismatch;
 
+#  ifdef ENABLE_OPENSSL_VERSION_CHECK
        if (!allow_vulnerable) {
                /* Check for bad versions */
                /* 1.0.1 - 1.0.1f CVE-2014-0160 http://heartbleed.com */
@@ -105,6 +106,7 @@ int ssl_check_version(int allow_vulnerable)
                        return -1;
                }
        }
+#  endif
 
        return 0;
 }