abraunegg · abraunegg · Nov 12, 2024 · Nov 11, 2024 · Nov 11, 2024 · Nov 11, 2024
diff --git a/src/main.d b/src/main.d
@@ -231,6 +231,11 @@
 		}
 	}
 
+	// OpenSSL Version Check
+	// Example - on CentOS 7.9 (OpenSSL 1.0.2k-fips  26 Jan 2017), access with Microsoft OneDrive causes a segfault in sha1_block_data_order_avx from /lib64/libcrypto.so.10
+	// See Discussion #2950 for gdb output
+	checkOpenSSLVersion();
+
 	// In a debug scenario, to assist with understanding the run-time configuration, ensure this flag is set
 	if (debugLogging) {
 		appConfig.setValueBool("display_running_config", true);

diff --git a/src/util.d b/src/util.d
@@ -35,6 +35,7 @@ import core.sys.posix.unistd;
 import core.stdc.string;
 import core.sys.posix.signal;
 import etc.c.curl;
+import std.process;
 
 // What other modules that we have created do we need to import?
 import log;
@@ -1402,3 +1403,51 @@ bool isBadCurlVersion(string curlVersion) {
     // Check if the current version matches one of the supported versions
     return canFind(supportedVersions, curlVersion);
 }
+
+string getOpenSSLVersion() {
+    try {
+        // Execute 'openssl version' and capture the output
+        auto result = executeShell("openssl version");
+
+        // Strip any extraneous whitespace from the output
+        return result.output.strip();
+    } catch (Exception e) {
+        // Handle any exceptions, possibly returning an error message
+        return "Error fetching OpenSSL version: " ~ e.msg;
+    }
+}
+
+void checkOpenSSLVersion() {
+    // Get OpenSSL version string
+    auto versionString = getOpenSSLVersion();
+    if (versionString.startsWith("Error")) {
+        addLogEntry(versionString);
+        exit(1);
+    }
+
+    // Define regex to extract version parts
+    auto versionRegex = regex(r"OpenSSL\s(\d+)\.(\d+)\.(\d+)([a-z]?)");
+
+    auto matches = versionString.match(versionRegex);
+    if (matches.empty) {
+        addLogEntry("Unable to parse OpenSSL version.");
+        exit(1);
+    }
+
+    // Extract major, minor, patch, and optional letter parts
+    uint major = matches.captures[1].to!uint;
+    uint minor = matches.captures[2].to!uint;
+    uint patch = matches.captures[3].to!uint;
+    string letter = matches.captures[4]; // Empty if version is 3.x.x or higher
+
+    // Compare versions
+    if (major < 1 || (major == 1 && minor < 1) || (major == 1 && minor == 1 && patch < 1) ||
+       (major == 1 && minor == 1 && patch == 1 && (letter.empty || letter[0] < 'a'))) {
+        addLogEntry("ERROR: Platform OpenSSL version is less than 1.1.1a. Exiting.");
+        exit(1);
+    } else if (major == 1 && minor == 1 && patch == 1 && !letter.empty && letter[0] >= 'a' && letter[0] <= 'w') {
+        addLogEntry(format("WARNING: Platform OpenSSL version %d.%d.%d%s may cause stability issues.", major, minor, patch, letter));
+    } else if (major >= 3) {
+        // Do nothing for version >= 3.0.0
+    }
+}