diff options
Diffstat (limited to 'rpc/rpc-transport/socket')
-rw-r--r-- | rpc/rpc-transport/socket/src/socket.c | 8 | ||||
-rw-r--r-- | rpc/rpc-transport/socket/src/socket.h | 1 |
2 files changed, 9 insertions, 0 deletions
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c index 52b3e4bebd4..b0b1b99db10 100644 --- a/rpc/rpc-transport/socket/src/socket.c +++ b/rpc/rpc-transport/socket/src/socket.c @@ -4110,6 +4110,14 @@ socket_init (rpc_transport_t *this) sizeof(priv->ssl_session_id)); SSL_CTX_set_verify(priv->ssl_ctx,SSL_VERIFY_PEER,0); + + /* + * Since glusterfs shares the same settings for client-side + * and server-side of SSL, we need to ignore any certificate + * usage specification (SSL client vs SSL server), otherwise + * SSL connexions will fail with 'unsupported cerritifcate" + */ + SSL_CTX_set_purpose(priv->ssl_ctx, X509_PURPOSE_ANY); } if (priv->own_thread) { diff --git a/rpc/rpc-transport/socket/src/socket.h b/rpc/rpc-transport/socket/src/socket.h index e30d2ece992..6fc845ac286 100644 --- a/rpc/rpc-transport/socket/src/socket.h +++ b/rpc/rpc-transport/socket/src/socket.h @@ -13,6 +13,7 @@ #include <openssl/ssl.h> #include <openssl/err.h> +#include <openssl/x509v3.h> #include "event.h" #include "rpc-transport.h" |