diff options
author | Milind Changire <mchangir@redhat.com> | 2015-11-05 19:57:51 +0530 |
---|---|---|
committer | Jeff Darcy <jdarcy@redhat.com> | 2015-11-16 07:40:43 -0800 |
commit | caae86e6f8b8150ad8663c3173fcd6df3c2e260a (patch) | |
tree | 2a70cd43d81a5b8c2f7638a865a05c6222387d64 /rpc/rpc-transport/socket | |
parent | 2099cc875a4d20ab1bb12b1c33da16c95968e202 (diff) |
build: fix ecdh.h and dh.h deps
openssl.ecdh.h and openssl/dh.h are not available on all platforms.
This patch adds check to autoconf and updates relevant source files.
Add missing #include "config.h" to socket.c to make HAVE_OPENSSL_DH_H
and HAVE_OPENSSL_ECDH_H macros available.
Definitions for UTIME_OMIT and UTIME_NOW in
contrib/qemu/util/oslib-posix.c have been selected from
/usr/include/bits/stat.h on Fedora 22
SSL context options SSL_OP_NO_TICKET and SSL_OP_NO_COMPRESSION are now
conditionally set by testing their presence.
glusterfs.spec.in file now adds CFLAGS=-DUSE_INSECURE_OPENSSL for
RHEL < 6 in the %build section.
Change-Id: Ie32a950dad77bb0f09b4ba53edb3e1f3147056f3
BUG: 1258883
Signed-off-by: Milind Changire <mchangir@redhat.com>
Reviewed-on: http://review.gluster.org/12517
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Diffstat (limited to 'rpc/rpc-transport/socket')
-rw-r--r-- | rpc/rpc-transport/socket/src/socket.c | 17 | ||||
-rw-r--r-- | rpc/rpc-transport/socket/src/socket.h | 6 |
2 files changed, 16 insertions, 7 deletions
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c index 4d4d74af024..3ee0c2c75a8 100644 --- a/rpc/rpc-transport/socket/src/socket.c +++ b/rpc/rpc-transport/socket/src/socket.c @@ -8,7 +8,6 @@ cases as published by the Free Software Foundation. */ - #include "socket.h" #include "name.h" #include "dict.h" @@ -3992,8 +3991,12 @@ socket_init (rpc_transport_t *this) SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_SSLv2); SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_SSLv3); +#ifdef SSL_OP_NO_TICKET SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_TICKET); +#endif +#ifdef SSL_OP_NO_COMPRESSION SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_COMPRESSION); +#endif if ((bio = BIO_new_file(dh_param, "r")) == NULL) { gf_log(this->name,GF_LOG_ERROR, @@ -4002,7 +4005,7 @@ socket_init (rpc_transport_t *this) } if (bio != NULL) { -#ifdef ERR_R_DH_LIB +#ifdef HAVE_OPENSSL_DH_H DH *dh; unsigned long err; @@ -4020,15 +4023,15 @@ socket_init (rpc_transport_t *this) "DH ciphers are disabled.", dh_param, ERR_error_string(err, NULL)); } -#else /* ERR_R_DH_LIB */ +#else /* HAVE_OPENSSL_DH_H */ BIO_free(bio); gf_log(this->name, GF_LOG_ERROR, "OpenSSL has no DH support"); -#endif /* ERR_R_DH_LIB */ +#endif /* HAVE_OPENSSL_DH_H */ } if (ec_curve != NULL) { -#ifdef ERR_R_ECDH_LIB +#ifdef HAVE_OPENSSL_ECDH_H EC_KEY *ecdh = NULL; int nid; unsigned long err; @@ -4049,10 +4052,10 @@ socket_init (rpc_transport_t *this) "ECDH ciphers are disabled.", ec_curve, ERR_error_string(err, NULL)); } -#else /* ERR_R_ECDH_LIB */ +#else /* HAVE_OPENSSL_ECDH_H */ gf_log(this->name, GF_LOG_ERROR, "OpenSSL has no ECDH support"); -#endif /* ERR_R_ECDH_LIB */ +#endif /* HAVE_OPENSSL_ECDH_H */ } /* This must be done after DH and ECDH setups */ diff --git a/rpc/rpc-transport/socket/src/socket.h b/rpc/rpc-transport/socket/src/socket.h index 6fc845ac286..4c39695e99d 100644 --- a/rpc/rpc-transport/socket/src/socket.h +++ b/rpc/rpc-transport/socket/src/socket.h @@ -14,6 +14,12 @@ #include <openssl/ssl.h> #include <openssl/err.h> #include <openssl/x509v3.h> +#ifdef HAVE_OPENSSL_DH_H +#include <openssl/dh.h> +#endif +#ifdef HAVE_OPENSSL_ECDH_H +#include <openssl/ecdh.h> +#endif #include "event.h" #include "rpc-transport.h" |