From 5bdeb5e69261021a3c782079aaa6ac57c995b13c Mon Sep 17 00:00:00 2001 From: Andre Noll Date: Thu, 4 May 2023 19:09:26 +0200 Subject: [PATCH] Deprecate openssl-1.0. These days everybody should have openssl-1.1 (released in 2016) or later. So warn if configure detects openssl-1.0 or earlier. --- NEWS.md | 3 +++ configure.ac | 9 +++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/NEWS.md b/NEWS.md index e122c43f..a259ef3e 100644 --- a/NEWS.md +++ b/NEWS.md @@ -8,6 +8,9 @@ NEWS - Old style PEM keys are now deprecated. They still work but their use results in a run-time warning. The removal of PEM key support is scheduled for paraslash-0.8.0. +- Version 1.0 of the openssl library has been deprecated. A warning + is printed at compile-time on systems which have this outdated version + because it will no longer be supported once paraslash-0.8.0 comes out. Downloads: [tarball](./releases/paraslash-git.tar.xz) diff --git a/configure.ac b/configure.ac index c7258111..92560e00 100644 --- a/configure.ac +++ b/configure.ac @@ -102,9 +102,14 @@ if test $HAVE_OPENSSL = yes; then if test "$ac_cv_have_decl_RSA_set0_key" != "$ac_cv_lib_crypto_RSA_set0_key"; then AC_MSG_ERROR([openssl header/library mismatch]) fi - test "$ac_cv_have_decl_RSA_set0_key" = yes && + if test "$ac_cv_have_decl_RSA_set0_key" = yes; then AC_DEFINE([HAVE_RSA_SET0_KEY], [1], [openssl >= 1.1]) - + else + AC_MSG_WARN([ + Old openssl library detected. Support for openssl-1.0 and earlier + will be removed in the next major paraslash release. Please upgrade + your openssl installation.]) + fi HAVE_CRYPTO_CLEANUP_ALL_EX_DATA=yes AC_CHECK_DECL([CRYPTO_cleanup_all_ex_data], [], [HAVE_CRYPTO_CLEANUP_ALL_EX_DATA=no], -- 2.39.2