From 36f12725ebda2bfd6ed4fe98b0eeaf1ce01f2604 Mon Sep 17 00:00:00 2001
From: Nigel Metheringham <nigel@exim.org>
Date: Wed, 14 Oct 2009 13:52:48 +0000
Subject: [PATCH] TLS version reporting.  fixes: #745

---
 doc/doc-txt/ChangeLog |  4 +++-
 src/src/exim.c        | 10 +++++++++-
 src/src/functions.h   |  3 ++-
 src/src/tls-gnu.c     | 22 +++++++++++++++++++++-
 src/src/tls-openssl.c | 26 +++++++++++++++++++++++++-
 5 files changed, 60 insertions(+), 5 deletions(-)

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 260825c44..944cc6717 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.567 2009/10/14 13:43:40 nm4 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.568 2009/10/14 13:52:48 nm4 Exp $
 
 Change log file for Exim from version 4.21
 -------------------------------------------
@@ -105,6 +105,8 @@ NM/17 Changed NOTICE file to remove references to embedded PCRE.
 
 NM/18 Bugzilla 894: Fix issue with very long lines including comments in lsearch
 
+NM/18 Bugzilla 745: TLS version reporting
+
 
 Exim version 4.69
 -----------------
diff --git a/src/src/exim.c b/src/src/exim.c
index 77d27ab53..9a8bbb365 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/exim.c,v 1.62 2009/06/10 07:34:04 tom Exp $ */
+/* $Cambridge: exim/src/src/exim.c,v 1.63 2009/10/14 13:52:48 nm4 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -1055,6 +1055,14 @@ if (fixed_never_users[0] > 0)
   }
 
 fprintf(f, "Size of off_t: %d\n", sizeof(off_t));
+
+/* This runtime check is to help diagnose library linkage mismatches which
+result in segfaults and the like; as such, it's left until the end,
+just in case.  There will still be a "Configuration file is" line still to
+come. */
+#ifdef SUPPORT_TLS
+tls_version_report(f);
+#endif
 }
 
 
diff --git a/src/src/functions.h b/src/src/functions.h
index 691ff7af7..52f6f6b73 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/functions.h,v 1.44 2009/06/10 07:34:04 tom Exp $ */
+/* $Cambridge: exim/src/src/functions.h,v 1.45 2009/10/14 13:52:48 nm4 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -35,6 +35,7 @@ extern int     tls_server_start(uschar *, uschar *, uschar *, uschar *);
 extern BOOL    tls_smtp_buffered(void);
 extern int     tls_ungetc(int);
 extern int     tls_write(const uschar *, size_t);
+extern void    tls_version_report(FILE *);
 #endif
 
 
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index a73d8b893..c26a9bac6 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/tls-gnu.c,v 1.21 2009/06/10 07:34:04 tom Exp $ */
+/* $Cambridge: exim/src/src/tls-gnu.c,v 1.22 2009/10/14 13:52:48 nm4 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -1298,4 +1298,24 @@ gnutls_global_deinit();
 tls_active = -1;
 }
 
+
+
+
+/*************************************************
+*         Report the library versions.           *
+*************************************************/
+
+/* See a description in tls-openssl.c for an explanation of why this exists.
+
+Arguments:   a FILE* to print the results to
+Returns:     nothing
+*/
+
+void
+tls_version_report(FILE *f)
+{
+fprintf(f, "GnuTLS compile-time version: %s\n", LIBGNUTLS_VERSION);
+fprintf(f, "GnuTLS runtime version: %s\n", gnutls_check_version(NULL));
+}
+
 /* End of tls-gnu.c */
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 703612d0d..9493d769a 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/tls-openssl.c,v 1.14 2009/06/10 07:34:04 tom Exp $ */
+/* $Cambridge: exim/src/src/tls-openssl.c,v 1.15 2009/10/14 13:52:48 nm4 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -1025,4 +1025,28 @@ ssl = NULL;
 tls_active = -1;
 }
 
+
+
+
+/*************************************************
+*         Report the library versions.           *
+*************************************************/
+
+/* There have historically been some issues with binary compatibility in
+OpenSSL libraries; if Exim (like many other applications) is built against
+one version of OpenSSL but the run-time linker picks up another version,
+it can result in serious failures, including crashing with a SIGSEGV.  So
+report the version found by the compiler and the run-time version.
+
+Arguments:   a FILE* to print the results to
+Returns:     nothing
+*/
+
+void
+tls_version_report(FILE *f)
+{
+fprintf(f, "OpenSSL compile-time version: %s\n", OPENSSL_VERSION_TEXT);
+fprintf(f, "OpenSSL runtime version: %s\n", SSLeay_version(SSLEAY_VERSION));
+}
+
 /* End of tls-openssl.c */
-- 
2.25.1