changeset 748:de9763f63510

upgrade to openssl-1.0.1g because of heartbeat exploit
author Sebastien Jodogne <s.jodogne@gmail.com>
date Wed, 09 Apr 2014 09:31:38 +0200
parents 44382c8bcd15
children b8c49473be38
files Core/HttpServer/MongooseServer.cpp NEWS Resources/CMake/OpenSslConfiguration.cmake UnitTestsSources/Versions.cpp
diffstat 4 files changed, 24 insertions(+), 4 deletions(-) [+]
--- a/Core/HttpServer/MongooseServer.cpp	Tue Apr 08 11:48:40 2014 +0200
+++ b/Core/HttpServer/MongooseServer.cpp	Wed Apr 09 09:31:38 2014 +0200
@@ -49,6 +49,9 @@
 #include "HttpOutput.h"
 #include "mongoose.h"
 
+#if ORTHANC_SSL_ENABLED == 1
+#include <openssl/opensslv.h>
+#endif
 
 #define ORTHANC_REALM "Orthanc Secure Area"
 
@@ -751,6 +754,16 @@
     ssl_ = false;
     port_ = 8000;
     filter_ = NULL;
+
+#if ORTHANC_SSL_ENABLED == 1
+    // Check for the Heartbeat exploit
+    // https://en.wikipedia.org/wiki/OpenSSL#Heartbleed_bug
+    if (OPENSSL_VERSION_NUMBER <  0x1000107fL  /* openssl-1.0.1g */ &&
+        OPENSSL_VERSION_NUMBER >= 0x1000100fL  /* openssl-1.0.1 */) 
+    {
+      LOG(WARNING) << "This version of OpenSSL can be affected by the Heartbeat exploit";
+    }
+#endif
   }
 
 
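Review bot: The check on `OPENSSL_VERSION_NUMBER` compares a header macro that is fixed at compile time, so in a build that links the system OpenSSL dynamically it describes the headers used for the build, not the library loaded at run time. Comparing the value returned by `SSLeay()` (declared in `<openssl/crypto.h>`) against the same two bounds would reflect the library actually in use. The version range is only a heuristic either way, since a distribution may ship a patched 1.0.1 under an unchanged version number or build with `OPENSSL_NO_HEARTBEATS`; a comment such as `// Version range only; patched distro builds may still trigger this warning` would say so. The log message would also be easier to search for if it said "Heartbleed", as the linked article and the NEWS entry do. The enclosing constructor starts outside the hunk.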
--- a/NEWS	Tue Apr 08 11:48:40 2014 +0200
+++ b/NEWS	Wed Apr 09 09:31:38 2014 +0200
@@ -1,6 +1,7 @@
 Pending changes in the mainline
 ===============================
 
+* Switch to openssl-1.0.1g in static builds (cf. Heartbleed exploit)
 * Better logging about nonexistent tags
 * Dcm4Chee manufacturer
 * Automatic discovering of the path to the DICOM dictionaries
--- a/Resources/CMake/OpenSslConfiguration.cmake	Tue Apr 08 11:48:40 2014 +0200
+++ b/Resources/CMake/OpenSslConfiguration.cmake	Wed Apr 09 09:31:38 2014 +0200
@@ -1,8 +1,8 @@
 if (STATIC_BUILD OR NOT USE_SYSTEM_OPENSSL)
-  SET(OPENSSL_SOURCES_DIR ${CMAKE_BINARY_DIR}/openssl-1.0.1c)
+  SET(OPENSSL_SOURCES_DIR ${CMAKE_BINARY_DIR}/openssl-1.0.1g)
   DownloadPackage(
-    "ae412727c8c15b67880aef7bd2999b2e"
-    "www.montefiore.ulg.ac.be/~jodogne/Orthanc/ThirdPartyDownloads/openssl-1.0.1c.tar.gz"
+    "de62b43dfcd858e66a74bee1c834e959"
+    "www.montefiore.ulg.ac.be/~jodogne/Orthanc/ThirdPartyDownloads/openssl-1.0.1g.tar.gz"
     "${OPENSSL_SOURCES_DIR}")
 
   if (NOT EXISTS "${OPENSSL_SOURCES_DIR}/include/PATCHED")
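Review bot: The 32-hex-digit first argument of `DownloadPackage` looks like an MD5 digest and the URL on the following line carries no scheme, so the integrity of the OpenSSL tarball appears to rest on MD5 alone. `DownloadPackage` is defined outside this page, so this is inferred; if it does compare MD5, a SHA-256 pin and an `https://` download would be a stronger check for a security-critical dependency. A comment above the call, e.g. `# Expected digest of the upstream openssl-1.0.1g release tarball`, would also record where the pinned value came from. The `if (STATIC_BUILD OR NOT USE_SYSTEM_OPENSSL)` block continues past the hunk.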
--- a/UnitTestsSources/Versions.cpp	Tue Apr 08 11:48:40 2014 +0200
+++ b/UnitTestsSources/Versions.cpp	Wed Apr 09 09:31:38 2014 +0200
@@ -9,6 +9,7 @@
 #include <boost/version.hpp>
 #include <sqlite3.h>
 #include <lua.h>
+#include <openssl/opensslv.h>
 
 
 TEST(Versions, Zlib)
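Review bot: `#include <openssl/opensslv.h>` is added unconditionally here, whereas MongooseServer.cpp in this same commit wraps the same include in `#if ORTHANC_SSL_ENABLED == 1`. If the unit tests can be built with SSL disabled, this include and the `OpenSslStatic` test in the next hunk, which uses `OPENSSL_VERSION_NUMBER`, would presumably fail to compile when the OpenSSL headers are absent. Guarding both with the same `#if ORTHANC_SSL_ENABLED == 1` / `#endif` pair would keep the two files consistent.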
@@ -90,5 +91,10 @@
 {
   ASSERT_STREQ("Lua 5.1.5", LUA_RELEASE);
 }
+
+TEST(Version, OpenSslStatic)
+{
+  ASSERT_EQ(0x1000107fL /* openssl-1.0.1g */, OPENSSL_VERSION_NUMBER);
+}
+
 #endif
-
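Review bot: The new test is registered as `TEST(Version, OpenSslStatic)` while the existing test visible in this file is `TEST(Versions, Zlib)`, so it lands in a separate suite and is skipped by a `Versions.*` filter; `TEST(Versions, OpenSslStatic)` would match. The assertion compares the header macro only, so it pins the headers used at compile time rather than the library that is linked. A short comment such as `// Checks the bundled headers; update together with OpenSslConfiguration.cmake` would help at the next upgrade. The `#if` closed by the trailing `#endif` is outside the hunk.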