Add OpenSSL version warning (#2961)

* Add OpenSSL version warning after gdb analysis (#2950) to determine cause of SIGINT being issued and causing the client to expectantly exit
abraunegg · Nov 12, 2024 · a035ba9 · a035ba9
1 parent 0c01a75
commit a035ba9
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 7 deletions.
diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt
@@ -31,6 +31,7 @@ autoclean
 autoprocess
 autoupdate
 avmkfdiitirnrenzljwc
+avx
 baus
 bcdefghi
 bindir
@@ -175,6 +176,7 @@ lgdk
 lgio
 lglib
 lgobject
+libcrypto
 libdir
 libexec
 libexecdir

diff --git a/src/main.d b/src/main.d
@@ -199,19 +199,22 @@ int main(string[] cliArgs) {
 		}
 	}
 
+	// Common warning
+	string distributionWarning = "         Please report this to your distribution, requesting an update to a newer cURL version, or consider upgrading it yourself for optimal stability.";
+
 	// If 'force_http_11' = false, we need to check the curl version being used
 	if (!appConfig.getValueBool("force_http_11")) {
 		// get the curl version
 		string curlVersion = getCurlVersionNumeric();
-
+		
 		// Is the version of curl or libcurl being used by the platform a known bad curl version for HTTP/2 support
 		if (isBadCurlVersion(curlVersion)) {
 			// add warning message
-			string curlWarningMessage = format("WARNING: Your curl/libcurl version (%s) has known HTTP/2 bugs that impact the use of this application.", curlVersion);
+			string curlWarningMessage = format("WARNING: Your cURL/libcurl version (%s) has known HTTP/2 bugs that impact the use of this client.", curlVersion);
 			addLogEntry();
 			addLogEntry(curlWarningMessage, ["info", "notify"]);
-			addLogEntry("         Please report this to your distribution and request that they provide a newer curl version for your platform or upgrade this yourself.");
-			addLogEntry("         Downgrading all application operations to use HTTP/1.1 to ensure maximum operational stability.");
+			addLogEntry(distributionWarning);
+			addLogEntry("         Downgrading all client operations to use HTTP/1.1 to ensure maximum operational stability.");
 			addLogEntry("         Please read /~https://github.com/abraunegg/onedrive/blob/master/docs/usage.md#compatibility-with-curl for more information.");
 			addLogEntry();
 			appConfig.setValueBool("force_http_11" , true);
@@ -223,14 +226,19 @@ int main(string[] cliArgs) {
 		// Is the version of curl or libcurl being used by the platform a known bad curl version
 		if (isBadCurlVersion(curlVersion)) {
 			// add warning message
-			string curlWarningMessage = format("WARNING: Your curl/libcurl version (%s) has known operational bugs that impact the use of this application.", curlVersion);
+			string curlWarningMessage = format("WARNING: Your cURL/libcurl version (%s) has known operational bugs that impact the use of this client.", curlVersion);
 			addLogEntry();
 			addLogEntry(curlWarningMessage, ["info", "notify"]);
-			addLogEntry("         Please report this to your distribution and request that they provide a newer curl version for your platform or upgrade this yourself.");
+			addLogEntry(distributionWarning);
 			addLogEntry();
 		}
 	}
 
+	// OpenSSL Version Check
+	// Example - on CentOS 7.9 (OpenSSL 1.0.2k-fips  26 Jan 2017), access with Microsoft OneDrive causes a segfault in sha1_block_data_order_avx from /lib64/libcrypto.so.10
+	// See Discussion #2950 for gdb output
+	checkOpenSSLVersion();
+
 	// In a debug scenario, to assist with understanding the run-time configuration, ensure this flag is set
 	if (debugLogging) {
 		appConfig.setValueBool("display_running_config", true);

diff --git a/src/util.d b/src/util.d
@@ -35,6 +35,7 @@ import core.sys.posix.unistd;
 import core.stdc.string;
 import core.sys.posix.signal;
 import etc.c.curl;
+import std.process;
 
 // What other modules that we have created do we need to import?
 import log;
@@ -733,7 +734,7 @@ void displayPosixErrorMessage(string message) {
 // Display the Error Message
 void displayGeneralErrorMessage(Exception e, string callingFunction=__FUNCTION__, int lineno=__LINE__) {
 	addLogEntry(); // used rather than writeln
-	addLogEntry("ERROR: Encounter " ~ e.classinfo.name ~ ":");
+	addLogEntry("ERROR: Encountered a " ~ e.classinfo.name ~ ":");
 	addLogEntry("  Error Message:    " ~ e.msg);
 	addLogEntry("  Calling Function: " ~ callingFunction);
 	addLogEntry("  Line number:      " ~ to!string(lineno));
@@ -1402,3 +1403,59 @@ bool isBadCurlVersion(string curlVersion) {
     // Check if the current version matches one of the supported versions
     return canFind(supportedVersions, curlVersion);
 }
+
+string getOpenSSLVersion() {
+	try {
+	// Execute 'openssl version' and capture the output
+	auto result = executeShell("openssl version");
+
+	// Strip any extraneous whitespace from the output
+	return result.output.strip();
+	} catch (Exception e) {
+		// Handle any exceptions, possibly returning an error message
+		return "Error fetching OpenSSL version: " ~ e.msg;
+	}
+}
+
+void checkOpenSSLVersion() {
+	// Get OpenSSL version string
+	auto versionString = getOpenSSLVersion();
+	if (versionString.startsWith("Error")) {
+		addLogEntry(versionString);
+		// Must force exit here, allow logging to be done
+		forceExit();
+	}
+
+	// Define regex to extract version parts
+	auto versionRegex = regex(r"OpenSSL\s(\d+)\.(\d+)\.(\d+)([a-z]?)");
+
+	auto matches = versionString.match(versionRegex);
+	if (matches.empty) {
+		addLogEntry("Unable to parse OpenSSL version.");
+		// Must force exit here, allow logging to be done
+		forceExit();
+	}
+
+	// Extract major, minor, patch, and optional letter parts
+	uint major = matches.captures[1].to!uint;
+	uint minor = matches.captures[2].to!uint;
+	uint patch = matches.captures[3].to!uint;
+	string letter = matches.captures[4]; // Empty if version is 3.x.x or higher
+	string distributionWarning = "         Please report this to your distribution, requesting an update to a newer OpenSSL version, or consider upgrading it yourself for optimal stability.";
+
+	// Compare versions
+	if (major < 1 || (major == 1 && minor < 1) || (major == 1 && minor == 1 && patch < 1) ||
+		(major == 1 && minor == 1 && patch == 1 && (letter.empty || letter[0] < 'a'))) {
+			addLogEntry();
+			addLogEntry(format("WARNING: Your OpenSSL version (%d.%d.%d%s) is below the minimum required version of 1.1.1a. Significant operational issues are likely when using this client.", major, minor, patch, letter), ["info", "notify"]);
+			addLogEntry(distributionWarning);
+			addLogEntry();
+	} else if (major == 1 && minor == 1 && patch == 1 && !letter.empty && letter[0] >= 'a' && letter[0] <= 'w') {
+		addLogEntry();
+		addLogEntry(format("WARNING: Your OpenSSL version (%d.%d.%d%s) may cause stability issues with this client.", major, minor, patch, letter), ["info", "notify"]);
+		addLogEntry(distributionWarning);
+		addLogEntry();
+	} else if (major >= 3) {
+		// Do nothing for version >= 3.0.0
+	}
+}