build: fix ecdh.h and dh.h deps

openssl/ecdh.h and openssl/dh.h are not available on all platforms, especially rhel-5. This patch adds check to autoconf and updates relevant source files. Added conditional to test for SSL_OP_NO_TICKET and SSL_OP_NO_COMPRESSION presence before setting the SSL context options. Macros UTIME_OMIT and UTIME_NOW picked up from Fedora 22 /usr/include/bits/stat.h to help rhel-5 build. Change-Id: I2bdee4fe643f9c1f5fe77cf89bd30946cd6b591a Reviewed-on: http://review.gluster.org/#/c/12517/ BUG: 1258594 Signed-off-by: Milind Changire <mchangir@redhat.com> Reviewed-on: http://review.gluster.org/12518 Tested-by: NetBSD Build System <jenkins@build.gluster.org> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Reviewed-by: Niels de Vos <ndevos@redhat.com>
author: Milind Changire <mchangir@redhat.com> 2015-11-05 20:08:33 +0530
committer: Niels de Vos <ndevos@redhat.com> 2015-11-20 03:25:29 -0800
commit: 21c7debd3fc2613e10d7ee81543dbd65b2b897fa (patch)
tree: e7a70a62f3439d75d9b0c26fb89619ddf55341b1
parent: 3748b6540d7704116cbbef08b7401bdc997464cd (diff)
5 files changed, 28 insertions, 8 deletions
diff --git a/configure.ac b/configure.ac
index dfe105fab66..ff746ff2ab7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -388,6 +388,10 @@ AC_CHECK_HEADERS([sys/ioctl.h], AC_DEFINE(HAVE_IOCTL_IN_SYS_IOCTL_H, 1, [have sy
 
 AC_CHECK_HEADERS([sys/extattr.h])
 
+AC_CHECK_HEADERS([openssl/dh.h])
+
+AC_CHECK_HEADERS([openssl/ecdh.h])
+
 dnl Math library
 AC_CHECK_LIB([m], [pow], [MATH_LIB='-lm'], [MATH_LIB=''])
 AC_SUBST(MATH_LIB)
diff --git a/contrib/qemu/util/oslib-posix.c b/contrib/qemu/util/oslib-posix.c
index bac4c1a158e..0f0f973b8d9 100644
--- a/contrib/qemu/util/oslib-posix.c
+++ b/contrib/qemu/util/oslib-posix.c
@@ -191,6 +191,14 @@ int qemu_pipe(int pipefd[2])
     return ret;
 }
 
+#ifndef UTIME_NOW
+#define UTIME_NOW	((1l << 30) - 1l)
+#endif
+#ifndef UTIME_OMIT
+#define UTIME_OMIT	((1l << 30) - 2l)
+#endif
+
+
 int qemu_utimens(const char *path, const struct timespec *times)
 {
     struct timeval tv[2], tv_now;
diff --git a/glusterfs.spec.in b/glusterfs.spec.in
index c843fbe82b9..a74bf7f6fed 100644
--- a/glusterfs.spec.in
+++ b/glusterfs.spec.in
@@ -594,6 +594,10 @@ This package provides the translators needed on any GlusterFS client.
 # For whatever reason, install-sh is sometimes missing. When this gets fixed,
 # there is no need to run ./autogen or have a BuildRequires for automake.
 [ -e 'install-sh' -o -e 'install.sh' ] || ./autogen.sh
+%if ( 0%{?rhel} && 0%{?rhel} < 6 )
+CFLAGS=-DUSE_INSECURE_OPENSSL
+export CFLAGS
+%endif
 %configure \
 ./autogen.sh && %configure \
         %{?_with_cmocka} \
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c
index bcc73016382..c5ab22f9941 100644
--- a/rpc/rpc-transport/socket/src/socket.c
+++ b/rpc/rpc-transport/socket/src/socket.c
@@ -3996,8 +3996,12 @@ socket_init (rpc_transport_t *this)
 
                 SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_SSLv2);
                 SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_SSLv3);
+#ifdef SSL_OP_NO_TICKET
                 SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_TICKET);
+#endif
+#ifdef SSL_OP_NO_COMPRESSION
                 SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_COMPRESSION);
+#endif
 
 		if ((bio = BIO_new_file(dh_param, "r")) == NULL) {
 			gf_log(this->name,GF_LOG_ERROR,
@@ -4006,7 +4010,7 @@ socket_init (rpc_transport_t *this)
 		}
 
 		if (bio != NULL) {
-#ifdef ERR_R_DH_LIB
+#ifdef HAVE_OPENSSL_DH_H
                         DH *dh;
                         unsigned long err;
 
@@ -4024,15 +4028,15 @@ socket_init (rpc_transport_t *this)
                                        "DH ciphers are disabled.",
                                        dh_param, ERR_error_string(err, NULL));
                         }
-#else /* ERR_R_DH_LIB */
+#else /* HAVE_OPENSSL_DH_H */
                         BIO_free(bio);
                         gf_log(this->name, GF_LOG_ERROR,
                                "OpenSSL has no DH support");
-#endif /* ERR_R_DH_LIB */
+#endif /* HAVE_OPENSSL_DH_H */
                 }
 
                 if (ec_curve != NULL) {
-#ifdef ERR_R_ECDH_LIB
+#ifdef HAVE_OPENSSL_ECDH_H
                         EC_KEY *ecdh = NULL;
                         int nid;
                         unsigned long err;
@@ -4053,10 +4057,10 @@ socket_init (rpc_transport_t *this)
 				       "ECDH ciphers are disabled.",
                                        ec_curve, ERR_error_string(err, NULL));
 			}
-#else /* ERR_R_ECDH_LIB */
+#else /* HAVE_OPENSSL_ECDH_H */
                         gf_log(this->name, GF_LOG_ERROR,
                                "OpenSSL has no ECDH support");
-#endif /* ERR_R_ECDH_LIB */
+#endif /* HAVE_OPENSSL_ECDH_H */
                 }
 
 		/* This must be done after DH and ECDH setups */
diff --git a/rpc/rpc-transport/socket/src/socket.h b/rpc/rpc-transport/socket/src/socket.h
index 238c1457e4d..c4d27e21947 100644
--- a/rpc/rpc-transport/socket/src/socket.h
+++ b/rpc/rpc-transport/socket/src/socket.h
@@ -14,10 +14,10 @@
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/x509v3.h>
-#ifdef ERR_R_DH_LIB
+#ifdef HAVE_OPENSSL_DH_H
 #include <openssl/dh.h>
 #endif
-#ifdef ERR_R_ECDH_LIB
+#ifdef HAVE_OPENSSL_ECDH_H
 #include <openssl/objects.h>
 #include <openssl/ecdh.h>
 #endif
author	Milind Changire <mchangir@redhat.com>	2015-11-05 20:08:33 +0530
committer	Niels de Vos <ndevos@redhat.com>	2015-11-20 03:25:29 -0800
commit	21c7debd3fc2613e10d7ee81543dbd65b2b897fa (patch)
tree	e7a70a62f3439d75d9b0c26fb89619ddf55341b1
parent	3748b6540d7704116cbbef08b7401bdc997464cd (diff)