From ca5b466dcabc8432f68f2cf7a24fae770ad1c0cf Mon Sep 17 00:00:00 2001
From: Emmanuel Dreyfus <manu@netbsd.org>
Date: Thu, 30 Jul 2015 14:02:43 +0200
Subject: SSL improvements: ECDH, DH, CRL, and accessible options

- Introduce ssl.dh-param option to specify a file containinf DH parameters.
  If it is provided, EDH ciphers are available.

- Introduce ssl.ec-curve option to specify an elliptic curve name. If
  unspecified, ECDH ciphers are available using the prime256v1 curve.

- Introduce ssl.crl-path option to specify the directory where the
  CRL hash file can be found. Setting to NULL disable CRL checking,
  just like the default.

- Make all ssl.* options accessible through gluster volume set.

- In default cipher list, exclude weak ciphers instead of listing
  the strong ones.

- Enforce server cipher preference.

- introduce RPC_SET_OPT macro to factor repetitive code in glusterd-volgen.c

- Add ssl-ciphers.t test to check all the features touched by this change.

Backport of I7bfd433df6bbf176f4a58e770e06bcdbe22a101a

Change-Id: I2947eabe76ae0487ecad52a60befb7de473fc90c
BUG: 1247153
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>@
Reviewed-on: http://review.gluster.org/11763
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
---
 rpc/rpc-transport/socket/src/socket.h | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'rpc/rpc-transport/socket/src/socket.h')

diff --git a/rpc/rpc-transport/socket/src/socket.h b/rpc/rpc-transport/socket/src/socket.h
index 2a84e264b81..57676ac2cc7 100644
--- a/rpc/rpc-transport/socket/src/socket.h
+++ b/rpc/rpc-transport/socket/src/socket.h
@@ -13,6 +13,13 @@
 
 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#ifdef ERR_R_DH_LIB
+#include <openssl/dh.h>
+#endif
+#ifdef ERR_R_ECDH_LIB
+#include <openssl/objects.h>
+#include <openssl/ecdh.h>
+#endif
 
 #ifndef _CONFIG_H
 #define _CONFIG_H
-- 
cgit