authorMilind Changire <mchangir@redhat.com>2015-11-05 19:57:51 +0530
committerJeff Darcy <jdarcy@redhat.com>2015-11-16 07:40:43 -0800
commitcaae86e6f8b8150ad8663c3173fcd6df3c2e260a (patch)
tree2a70cd43d81a5b8c2f7638a865a05c6222387d64 /rpc/rpc-transport/socket
parent2099cc875a4d20ab1bb12b1c33da16c95968e202 (diff)
build: fix ecdh.h and dh.h deps
openssl/ecdh.h and openssl/dh.h are not available on all platforms. This patch adds checks to autoconf and updates the relevant source files. Add missing #include "config.h" to socket.c to make the HAVE_OPENSSL_DH_H and HAVE_OPENSSL_ECDH_H macros available. Definitions for UTIME_OMIT and UTIME_NOW in contrib/qemu/util/oslib-posix.c have been taken from /usr/include/bits/stat.h on Fedora 22. SSL context options SSL_OP_NO_TICKET and SSL_OP_NO_COMPRESSION are now set conditionally, by testing for their presence. The glusterfs.spec.in file now adds CFLAGS=-DUSE_INSECURE_OPENSSL for RHEL < 6 in the %build section. Change-Id: Ie32a950dad77bb0f09b4ba53edb3e1f3147056f3 BUG: 1258883 Signed-off-by: Milind Changire <mchangir@redhat.com> Reviewed-on: http://review.gluster.org/12517 Tested-by: NetBSD Build System <jenkins@build.gluster.org> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Diffstat (limited to 'rpc/rpc-transport/socket')
-rw-r--r--rpc/rpc-transport/socket/src/socket.c17
-rw-r--r--rpc/rpc-transport/socket/src/socket.h6
2 files changed, 16 insertions, 7 deletions
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c
index 4d4d74af024..3ee0c2c75a8 100644
--- a/rpc/rpc-transport/socket/src/socket.c
+++ b/rpc/rpc-transport/socket/src/socket.c
@@ -8,7 +8,6 @@
cases as published by the Free Software Foundation.
*/
-
#include "socket.h"
#include "name.h"
#include "dict.h"
@@ -3992,8 +3991,12 @@ socket_init (rpc_transport_t *this)
SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_SSLv3);
+#ifdef SSL_OP_NO_TICKET
SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_TICKET);
+#endif
+#ifdef SSL_OP_NO_COMPRESSION
SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_COMPRESSION);
+#endif
if ((bio = BIO_new_file(dh_param, "r")) == NULL) {
gf_log(this->name,GF_LOG_ERROR,
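Review bot: When `SSL_OP_NO_COMPRESSION` or `SSL_OP_NO_TICKET` is not defined, the new guards drop the option with no diagnostic, so a build against an older OpenSSL may leave TLS compression (the precondition for CRIME-style attacks) and session tickets enabled without anyone being told. Each guard should get an `#else` branch that records the downgrade, for example `gf_log(this->name, GF_LOG_WARNING, "OpenSSL lacks SSL_OP_NO_COMPRESSION; TLS compression is not disabled");`, with the matching message for `SSL_OP_NO_TICKET`. A short comment above the guards saying which OpenSSL releases lack these options would also help the next reader judge whether the fallback is still needed. The body of socket_init starts and ends outside this hunk.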
@@ -4002,7 +4005,7 @@ socket_init (rpc_transport_t *this)
}
if (bio != NULL) {
-#ifdef ERR_R_DH_LIB
+#ifdef HAVE_OPENSSL_DH_H
DH *dh;
unsigned long err;
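Review bot: The DH guard here now depends on `HAVE_OPENSSL_DH_H`, a config.h macro, yet none of the visible hunks puts `#include "config.h"` ahead of `#include "socket.h"` in socket.c; the description says the include was added, but the first hunk only removes a blank line. If the macro is undefined when this file and socket.h are compiled, the build still succeeds and takes the `#else` branch, so the transport runs without DH key exchange and the only signal is the "OpenSSL has no DH support" log line. Please confirm config.h reaches this translation unit (it may arrive through build flags or another header) and add a comment next to the guard saying where the macro comes from. Header presence also does not prove the feature is compiled in, so `#if defined(HAVE_OPENSSL_DH_H) && !defined(OPENSSL_NO_DH)` would be the safer test. The same applies to the `HAVE_OPENSSL_ECDH_H` guard in the next hunk and to the conditional includes in socket.h; socket_init continues outside this hunk.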
@@ -4020,15 +4023,15 @@ socket_init (rpc_transport_t *this)
"DH ciphers are disabled.",
dh_param, ERR_error_string(err, NULL));
}
-#else /* ERR_R_DH_LIB */
+#else /* HAVE_OPENSSL_DH_H */
BIO_free(bio);
gf_log(this->name, GF_LOG_ERROR,
"OpenSSL has no DH support");
-#endif /* ERR_R_DH_LIB */
+#endif /* HAVE_OPENSSL_DH_H */
}
if (ec_curve != NULL) {
-#ifdef ERR_R_ECDH_LIB
+#ifdef HAVE_OPENSSL_ECDH_H
EC_KEY *ecdh = NULL;
int nid;
unsigned long err;
@@ -4049,10 +4052,10 @@ socket_init (rpc_transport_t *this)
"ECDH ciphers are disabled.",
ec_curve, ERR_error_string(err, NULL));
}
-#else /* ERR_R_ECDH_LIB */
+#else /* HAVE_OPENSSL_ECDH_H */
gf_log(this->name, GF_LOG_ERROR,
"OpenSSL has no ECDH support");
-#endif /* ERR_R_ECDH_LIB */
+#endif /* HAVE_OPENSSL_ECDH_H */
}
/* This must be done after DH and ECDH setups */
diff --git a/rpc/rpc-transport/socket/src/socket.h b/rpc/rpc-transport/socket/src/socket.h
index 6fc845ac286..4c39695e99d 100644
--- a/rpc/rpc-transport/socket/src/socket.h
+++ b/rpc/rpc-transport/socket/src/socket.h
@@ -14,6 +14,12 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
+#ifdef HAVE_OPENSSL_DH_H
+#include <openssl/dh.h>
+#endif
+#ifdef HAVE_OPENSSL_ECDH_H
+#include <openssl/ecdh.h>
+#endif
#include "event.h"
#include "rpc-transport.h"