Mercurial > hg > orthanc
diff Core/HttpServer/MongooseServer.cpp @ 748:de9763f63510
upgrade to openssl-1.0.1g because of heartbeat exploit
| author | Sebastien Jodogne <s.jodogne@gmail.com> |
|---|---|
| date | Wed, 09 Apr 2014 09:31:38 +0200 |
| parents | 2d0a347e8cfc |
| children | b8c49473be38 |
line wrap: on
line diff
--- a/Core/HttpServer/MongooseServer.cpp Tue Apr 08 11:48:40 2014 +0200 +++ b/Core/HttpServer/MongooseServer.cpp Wed Apr 09 09:31:38 2014 +0200 @@ -49,6 +49,9 @@ #include "HttpOutput.h" #include "mongoose.h" +#if ORTHANC_SSL_ENABLED == 1 +#include <openssl/opensslv.h> +#endif #define ORTHANC_REALM "Orthanc Secure Area" @@ -751,6 +754,16 @@ ssl_ = false; port_ = 8000; filter_ = NULL; + +#if ORTHANC_SSL_ENABLED == 1 + // Check for the Heartbeat exploit + // https://en.wikipedia.org/wiki/OpenSSL#Heartbleed_bug + if (OPENSSL_VERSION_NUMBER < 0x1000107fL /* openssl-1.0.1g */ && + OPENSSL_VERSION_NUMBER >= 0x1000100fL /* openssl-1.0.1 */) + { + LOG(WARNING) << "This version of OpenSSL can be affected by the Heartbeat exploit"; + } +#endif }