Tuesday, March 13, 2012


Over the weekend, I uploaded a new module called OpenSSL::Versions to CPAN.

The sole purpose of the module is to figure out the corresponding human friendly version number of an OpenSSL distribution using the text of the OPENSSL_VERSION_NUMBER macro.

The greater purpose of the module is to help me clean up the build process for Crypt::SSLeay which, over the years, has accumulated a bunch of workarounds.

The remainder of this post is taken directly from the README.md accompanying the distribution and explains the problem and how I went about solving it. I released this instead of stashing it into the inc directory of the distribution just in case there is someone else out there who might want to figure out OpenSSL versions using information found in header files.

OpenSSL source code uses a hexadecimal number which encodes various bits of information. The meaning of various parts have changed over the history of the library. For example, you have

    #define OPENSSL_VERSION_NUMBER 0x0913 /* Version 0.9.1c is 0913 */


    #define OPENSSL_VERSION_NUMBER 0x1000007fL /* OpenSSL 1.0.0g */

The evolution of the version number scheme is explained in the crypto/opensslv.h file in the distribution. If you have already built OpenSSL, you can determine its version by invoking the command line utility:

    $ openssl version
    OpenSSL 1.0.0g 18 Jan 2012

However, if all you have is the source code, and you want to determine exact version information on the basis of the string representation of the OPENSSL_VERSION_NUMBER macro, you have to use pattern matching and deal with a bunch of corner cases.

The Makefile.PL for Crypt::SSLeay contained a simplistic approach to parsing the value of OPENSSL_VERSION_NUMBER which people had tweaked over time to deal with changes. I added functions to deal with specific ranges of version numbers. But, I did not think those functions belonged in a Makefile.PL Plus, I hadn't really tested them except in a handful of cases.

So, I put them in their own module. To test the routines, I downloaded all available versions of OpenSSL (excluding archives with 'fips' and 'engine' in their names), and built a mapping between the value of OPENSSL_VERSION_NUMBER in each archive and the corresponding human friendly version string in the name of the archive.

I don't plan on updating the module other than fixing reported bugs and incorporating any future changes in the encoding of version information in OPENSSL_VERSION_NUMBER.

I am not sure if this will indeed be useful to others and I would love to hear from you if you think there is a place for it in your project.

PS: You can find the repository on GitHub.

No comments:

Post a Comment