[Bug 59025] New: Incorrect OpenSSL version number used in comparisons in Tomcat Native source

Wed, 17 Feb 2016 15:32:01 -0800 

https://bz.apache.org/bugzilla/show_bug.cgi?id=59025

            Bug ID: 59025
           Summary: Incorrect OpenSSL version number used in comparisons
                    in Tomcat Native source
           Product: Tomcat Native
           Version: 1.2.4
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Library
          Assignee: [email protected]
          Reporter: [email protected]

Both 1.1.x and 1.2.x branches of Tomcat Native have numerous comparisons
between OPENSSL_VERSION_NUMBER and 0x10100000L, the latter being an alpha
release version of OpenSSL that only became available in December 2015 (the
1.2.0 version of Tomcat Native was released in October 2015):

[tomcat-native-1.2.0-src]# grep -r "OPENSSL_VERSION_NUMBER.*0x101" *
native/src/sslutils.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L
native/src/sslutils.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L
native/src/ssl.c:#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ||
defined(OPENSSL_USE_DEPRECATED)
native/src/ssl.c:#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ||
defined(OPENSSL_USE_DEPRECATED)
native/src/ssl.c:#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ||
defined(OPENSSL_USE_DEPRECATED)
native/src/sslinfo.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L
native/src/sslinfo.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L
native/src/sslinfo.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L
native/src/sslinfo.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L
native/src/sslcontext.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L

According to the openssl_version_number man page
(http://linux.die.net/man/3/openssl_version_number), OPENSSL_VERSION_NUMBER is
a numeric release version identifier in this format: MMNNFFPPS: major minor fix
patch status

Thus 0x10100000L refers to OpenSSL version 1.1.0. According to the comments of
SVN revision 1681092 (Git SHA-1 fda408291a5557cacad7259248f6632ad5ae264a), the
intended OpenSSL version was 1.0.1:

"this commit also removes all code with #if or #ifdef checks which only apply
to OpenSSL 1.0.1 or earlier"

The value that should be used in all the comparisons above is 0x10001000L.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to