build: fix ecdh.h and dh.h deps

openssl.ecdh.h and openssl/dh.h are not available on all platforms. This patch adds check to autoconf and updates relevant source files. Add missing #include "config.h" to socket.c to make HAVE_OPENSSL_DH_H and HAVE_OPENSSL_ECDH_H macros available. Definitions for UTIME_OMIT and UTIME_NOW in contrib/qemu/util/oslib-posix.c have been selected from /usr/include/bits/stat.h on Fedora 22 SSL context options SSL_OP_NO_TICKET and SSL_OP_NO_COMPRESSION are now conditionally set by testing their presence. glusterfs.spec.in file now adds CFLAGS=-DUSE_INSECURE_OPENSSL for RHEL < 6 in the %build section. Change-Id: Ie32a950dad77bb0f09b4ba53edb3e1f3147056f3 BUG: 1258883 Signed-off-by: Milind Changire <mchangir@redhat.com> Reviewed-on: http://review.gluster.org/12517 Tested-by: NetBSD Build System <jenkins@build.gluster.org> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
author: Milind Changire <mchangir@redhat.com> 2015-11-05 19:57:51 +0530
committer: Jeff Darcy <jdarcy@redhat.com> 2015-11-16 07:40:43 -0800
commit: caae86e6f8b8150ad8663c3173fcd6df3c2e260a (patch)
tree: 2a70cd43d81a5b8c2f7638a865a05c6222387d64
parent: 2099cc875a4d20ab1bb12b1c33da16c95968e202 (diff)
5 files changed, 32 insertions, 7 deletions
diff --git a/configure.ac b/configure.ac
index 6c22e0940b4..f39a4cfff89 100644
--- a/configure.ac
+++ b/configure.ac
@@ -388,6 +388,10 @@ AC_CHECK_HEADERS([sys/ioctl.h], AC_DEFINE(HAVE_IOCTL_IN_SYS_IOCTL_H, 1, [have sy
 
 AC_CHECK_HEADERS([sys/extattr.h])
 
+AC_CHECK_HEADERS([openssl/dh.h])
+
+AC_CHECK_HEADERS([openssl/ecdh.h])
+
 dnl Math library
 AC_CHECK_LIB([m], [pow], [MATH_LIB='-lm'], [MATH_LIB=''])
 AC_SUBST(MATH_LIB)
diff --git a/contrib/qemu/util/oslib-posix.c b/contrib/qemu/util/oslib-posix.c
index bac4c1a158e..45f9ca5a156 100644
--- a/contrib/qemu/util/oslib-posix.c
+++ b/contrib/qemu/util/oslib-posix.c
@@ -191,6 +191,13 @@ int qemu_pipe(int pipefd[2])
     return ret;
 }
 
+#ifndef UTIME_OMIT
+#define UTIME_OMIT        ((1l << 30) - 2l)
+#endif
+#ifndef UTIME_NOW
+#define UTIME_NOW      ((1l << 30) - 1l)
+#endif
+
 int qemu_utimens(const char *path, const struct timespec *times)
 {
     struct timeval tv[2], tv_now;
diff --git a/glusterfs.spec.in b/glusterfs.spec.in
index 90705b1ae3c..e4d033a335a 100644
--- a/glusterfs.spec.in
+++ b/glusterfs.spec.in
@@ -589,6 +589,11 @@ This package provides the translators needed on any GlusterFS client.
 %setup -q -n %{name}-%{version}%{?prereltag}
 
 %build
+%if ( 0%{?rhel} && 0%{?rhel} < 6 )
+CFLAGS=-DUSE_INSECURE_OPENSSL
+export CFLAGS
+%endif
+
 ./autogen.sh && %configure \
         %{?_with_cmocka} \
         %{?_with_debug} \
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c
index 4d4d74af024..3ee0c2c75a8 100644
--- a/rpc/rpc-transport/socket/src/socket.c
+++ b/rpc/rpc-transport/socket/src/socket.c
@@ -8,7 +8,6 @@
   cases as published by the Free Software Foundation.
 */
 
-
 #include "socket.h"
 #include "name.h"
 #include "dict.h"
@@ -3992,8 +3991,12 @@ socket_init (rpc_transport_t *this)
 
                 SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_SSLv2);
                 SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_SSLv3);
+#ifdef SSL_OP_NO_TICKET
                 SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_TICKET);
+#endif
+#ifdef SSL_OP_NO_COMPRESSION
                 SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_COMPRESSION);
+#endif
 
 		if ((bio = BIO_new_file(dh_param, "r")) == NULL) {
 			gf_log(this->name,GF_LOG_ERROR,
@@ -4002,7 +4005,7 @@ socket_init (rpc_transport_t *this)
 		}
 
 		if (bio != NULL) {
-#ifdef ERR_R_DH_LIB
+#ifdef HAVE_OPENSSL_DH_H
                         DH *dh;
                         unsigned long err;
 
@@ -4020,15 +4023,15 @@ socket_init (rpc_transport_t *this)
                                        "DH ciphers are disabled.",
                                        dh_param, ERR_error_string(err, NULL));
                         }
-#else /* ERR_R_DH_LIB */
+#else /* HAVE_OPENSSL_DH_H */
                         BIO_free(bio);
                         gf_log(this->name, GF_LOG_ERROR,
                                "OpenSSL has no DH support");
-#endif /* ERR_R_DH_LIB */
+#endif /* HAVE_OPENSSL_DH_H */
                 }
 
                 if (ec_curve != NULL) {
-#ifdef ERR_R_ECDH_LIB
+#ifdef HAVE_OPENSSL_ECDH_H
                         EC_KEY *ecdh = NULL;
                         int nid;
                         unsigned long err;
@@ -4049,10 +4052,10 @@ socket_init (rpc_transport_t *this)
 				       "ECDH ciphers are disabled.",
                                        ec_curve, ERR_error_string(err, NULL));
 			}
-#else /* ERR_R_ECDH_LIB */
+#else /* HAVE_OPENSSL_ECDH_H */
                         gf_log(this->name, GF_LOG_ERROR,
                                "OpenSSL has no ECDH support");
-#endif /* ERR_R_ECDH_LIB */
+#endif /* HAVE_OPENSSL_ECDH_H */
                 }
 
 		/* This must be done after DH and ECDH setups */
diff --git a/rpc/rpc-transport/socket/src/socket.h b/rpc/rpc-transport/socket/src/socket.h
index 6fc845ac286..4c39695e99d 100644
--- a/rpc/rpc-transport/socket/src/socket.h
+++ b/rpc/rpc-transport/socket/src/socket.h
@@ -14,6 +14,12 @@
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/x509v3.h>
+#ifdef HAVE_OPENSSL_DH_H
+#include <openssl/dh.h>
+#endif
+#ifdef HAVE_OPENSSL_ECDH_H
+#include <openssl/ecdh.h>
+#endif
 
 #include "event.h"
 #include "rpc-transport.h"
author	Milind Changire <mchangir@redhat.com>	2015-11-05 19:57:51 +0530
committer	Jeff Darcy <jdarcy@redhat.com>	2015-11-16 07:40:43 -0800
commit	caae86e6f8b8150ad8663c3173fcd6df3c2e260a (patch)
tree	2a70cd43d81a5b8c2f7638a865a05c6222387d64
parent	2099cc875a4d20ab1bb12b1c33da16c95968e202 (diff)