# HG changeset patch # Parent b13da8c3e99081cb92ab226d2c512241a82cd0d5 disable run-time check for OpenSSL ABI by version number as that is not a reliable indicator of ABI changes and doesn't make much sense in a distribution package diff --git a/configure.ac b/configure.ac index 42ffd95..20a1884 100644 --- a/configure.ac +++ b/configure.ac @@ -4878,6 +4878,19 @@ AC_ARG_WITH([bsd-auth], ] ) +# Whether we are using distribution (Open)SSL, so no runtime checks are necessary +DISTRO_SSL=no +AC_ARG_WITH([distro-ssl], + [ --with-distro-ssl Disable runtime OpenSSL version checks (good for distributions)], + [ + if test "x$withval" != "xno" ; then + AC_DEFINE([DISTRO_SSL], [1], + [Define if you are using distribution SSL library and don;t expect its API/ABI to change]) + DISTRO_SSL=yes + fi + ] +) + # Where to place sshd.pid piddir=/var/run # make sure the directory exists diff --git a/entropy.c b/entropy.c index f8b9f42..4957b23 100644 --- a/entropy.c +++ b/entropy.c @@ -223,11 +223,13 @@ seed_rng(void) /* Initialise libcrypto */ ssh_libcrypto_init(); +#ifndef DISTRO_SSL if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER, OpenSSL_version_num())) fatal("OpenSSL version mismatch. Built against %lx, you " "have %lx", (u_long)OPENSSL_VERSION_NUMBER, OpenSSL_version_num()); +#endif #ifndef OPENSSL_PRNG_ONLY if (RAND_status() == 1)