Determining OpenSSL version with ifdef

Question

I've written code that under certain circumstances might load X509_STORE into SSL_CTX, and since I don't know if it happens I free the store at the end of the program.

I call X509_STORE_up_ref after loading the store into the context to avoid a reference count error, since SSL_CTX_free also frees the store in case it was loaded into the given context.

However, I noticed that X509_STORE_up_ref is a newer command and my program fails to compile on older systems. I'd like in that case to wrap the call to that function with an #ifdef for OpenSSL's version.

1. What is the right way to check OpenSSL's version with an #ifdef?
2. Am I right to even be in the position I'm in, or am I using the store the wrong way?

Answer 1

You can check the OpenSSL version number by looking at the OPENSSL_VERSION_NUMBER macro. The opensslv.h file contains the following comments regarding its value:

/*-
 * Numeric release version identifier:
 * MNNFFPPS: major minor fix patch status
 * The status nibble has one of the values 0 for development, 1 to e for betas
 * 1 to 14, and f for release.  The patch level is exactly that.
 * For example:
 * 0.9.3-dev      0x00903000
 * 0.9.3-beta1    0x00903001
 * 0.9.3-beta2-dev 0x00903002
 * 0.9.3-beta2    0x00903002 (same as ...beta2-dev)
 * 0.9.3          0x0090300f
 * 0.9.3a         0x0090301f
 * 0.9.4          0x0090400f
 * 1.2.3z         0x102031af

So if for example you had a certain feature that required OpenSSL 1.1.0 or higher you would do this:

#if OPENSSL_VERSION_NUMBER >= 0x10100000L
// code for version 1.1.0 or greater
#else
// code for 1.0.x or lower
#endif