From b2d2b2d39a27b09a3a70308460d3b870051364c4 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 3 Apr 2017 11:32:15 +0200 Subject: erts: Update configure check for OpenSSL We have never officially supported OpenSSL-0.9.7* Update to OpenSSL-0.9.8c or later, but OpenSSL-1.0.2 or later is recommended --- erts/configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/erts/configure.in b/erts/configure.in index 1c4a3e90ef..d6ee8ca1ac 100644 --- a/erts/configure.in +++ b/erts/configure.in @@ -4219,7 +4219,7 @@ case "$erl_xcomp_without_sysroot-$with_ssl" in fi - AC_MSG_CHECKING(for OpenSSL >= 0.9.7 in standard locations) + AC_MSG_CHECKING(for OpenSSL >= 0.9.8c in standard locations) for rdir in $extra_dir $std_win_ssl_locations $std_ssl_locations; do dir="$erl_xcomp_sysroot$rdir" if test -f "$erl_xcomp_isysroot$rdir/include/openssl/opensslv.h"; then @@ -4295,7 +4295,7 @@ case "$erl_xcomp_without_sysroot-$with_ssl" in CPPFLAGS=$SSL_INCLUDE AC_EGREP_CPP(^yes$,[ #include -#if OPENSSL_VERSION_NUMBER >= 0x0090700fL +#if OPENSSL_VERSION_NUMBER >= 0x0090803fL yes #endif ],[ -- cgit v1.2.3 From 6b20e866bab480a8dd23b869ff07d7aed631f1d7 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 7 Apr 2017 11:08:36 +0200 Subject: crypto: Update documentation to reflect new version policy --- lib/crypto/doc/src/crypto.xml | 2 +- lib/crypto/doc/src/crypto_app.xml | 9 ++++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index d0deaceaaf..96fd735870 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -521,7 +521,7 @@ scheme. VerStr contains a text variant of the version.

 > info_lib().
-[{<<"OpenSSL">>,9469983,<<"OpenSSL 0.9.8a 11 Oct 2005">>}]
+[{<<"OpenSSL">>,269484095,<<"OpenSSL 1.1.0c  10 Nov 2016"">>}]

From OTP R16 the numeric version represents the version of the OpenSSL diff --git a/lib/crypto/doc/src/crypto_app.xml b/lib/crypto/doc/src/crypto_app.xml index a958bdfcb7..6950dfeec3 100644 --- a/lib/crypto/doc/src/crypto_app.xml +++ b/lib/crypto/doc/src/crypto_app.xml @@ -42,9 +42,12 @@ DEPENDENCIES

The current crypto implementation uses nifs to interface - OpenSSLs crypto library and requires OpenSSL package - version 0.9.8 or higher. FIPS mode support requires at least - version 1.0.1 and a FIPS capable OpenSSL installation.

+ OpenSSLs crypto library and may work with limited functionality + with as old versions as OpenSSL 0.9.8c. + FIPS mode support requires at least + version 1.0.1 and a FIPS capable OpenSSL installation. We recommend using a + version that is officially supported by the OpenSSL project. API compatible backends like + LibreSSL should also work.

Source releases of OpenSSL can be downloaded from the OpenSSL project home page, or mirror sites listed there. -- cgit v1.2.3