summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--rpc/rpc-transport/socket/src/socket.c8
-rw-r--r--rpc/rpc-transport/socket/src/socket.h1
2 files changed, 9 insertions, 0 deletions
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c
index 52b3e4bebd4..b0b1b99db10 100644
--- a/rpc/rpc-transport/socket/src/socket.c
+++ b/rpc/rpc-transport/socket/src/socket.c
@@ -4110,6 +4110,14 @@ socket_init (rpc_transport_t *this)
sizeof(priv->ssl_session_id));
SSL_CTX_set_verify(priv->ssl_ctx,SSL_VERIFY_PEER,0);
+
+ /*
+ * Since glusterfs shares the same settings for client-side
+ * and server-side of SSL, we need to ignore any certificate
+ * usage specification (SSL client vs SSL server), otherwise
+ * SSL connexions will fail with 'unsupported cerritifcate"
+ */
+ SSL_CTX_set_purpose(priv->ssl_ctx, X509_PURPOSE_ANY);
}
if (priv->own_thread) {
diff --git a/rpc/rpc-transport/socket/src/socket.h b/rpc/rpc-transport/socket/src/socket.h
index e30d2ece992..6fc845ac286 100644
--- a/rpc/rpc-transport/socket/src/socket.h
+++ b/rpc/rpc-transport/socket/src/socket.h
@@ -13,6 +13,7 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
+#include <openssl/x509v3.h>
#include "event.h"
#include "rpc-transport.h"