authorKaleb S. KEITHLEY <kkeithle@redhat.com>2017-09-12 15:34:15 -0400
committerShyamsundar Ranganathan <srangana@redhat.com>2017-09-17 12:55:40 +0000
commitb221e51609f558d96652679943326e940d52e2db (patch)
treefc966e7b82e6860bc439e99ab6aa6910d75778cb
parent0240a6d5ceb507376abaf97ec25409612c137891 (diff)
rpc: TLSv1_2_method() is deprecated in OpenSSL-1.1
Fedora 26 has OpenSSL-1.1. Compile-time warnings indicate that TLSv1_2_method() is now deprecated. As per the SSL man page: TLS_method(), TLS_server_method(), TLS_client_method() These are the general-purpose version-flexible SSL/TLS methods. The actual protocol version used will be negotiated to the highest version mutually supported by the client and the server. The supported protocols are SSLv3, TLSv1, TLSv1.1 and TLSv1.2. Applications should use these methods, and avoid the version-specific methods described below. ... TLSv1_2_method(), ... ... Note that OpenSSL-1.1 is the version of OpenSSL; Fedora 25 and RHEL 7.3 and other distributions (still) have OpenSSL-1.0. TLS versions are orthogonal to the OpenSSL version. TLS_method() is the new — in OpenSSL-1.1 — version-flexible function intended to replace the TLSv1_2_method() function in OpenSSL-1.0 and the older (?), insecure SSLv23_method(). (OpenSSL-1.0 does not have TLS_method()) master: https://review.gluster.org/18268 master BZ: 1491025 release-3.12: https://review.gluster.org/18284 release-3.12 BZ: 1491690 Change-Id: I190363ccffe7c25606ea2cf30a6b9ff1ec186057 BUG: 1491691 Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com> Reviewed-on: https://review.gluster.org/18285 Smoke: Gluster Build System <jenkins@build.gluster.org> CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
-rw-r--r--configure.ac7
-rw-r--r--rpc/rpc-transport/socket/src/socket.c4
2 files changed, 9 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac
index 0eebcda7b6b..7b669d4cd98 100644
--- a/configure.ac
+++ b/configure.ac
@@ -601,7 +601,12 @@ AM_CONDITIONAL([ENABLE_BD_XLATOR], [test x$BUILD_BD_XLATOR = xyes])
dnl check for old openssl
AC_CHECK_LIB([crypto], CRYPTO_THREADID_set_callback, [AC_DEFINE([HAVE_CRYPTO_THREADID], [1], [use new OpenSSL functions])])
-AC_CHECK_LIB([ssl], TLSv1_2_method, [AC_DEFINE([HAVE_TLSV1_2_METHOD], [1], [use new OpenSSL functions])])
+AC_CHECK_LIB([ssl], TLS_method, [HAVE_OPENSSL_1_1="yes"], [HAVE_OPENSSL_1_1="no"])
+if test "x$HAVE_OPENSSL_1_1" = "xyes"; then
+ AC_DEFINE([HAVE_TLS_METHOD], [1], [Using OpenSSL-1.1 TLS_method])
+else
+ AC_CHECK_LIB([ssl], TLSv1_2_method, [AC_DEFINE([HAVE_TLSV1_2_METHOD], [1], [Using OpenSSL-1.0 TLSv1_2_method])])
+fi
# start encryption/crypt section
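Review bot: The `dnl check for old openssl` comment that still heads this block no longer describes it, since the new lines probe for the OpenSSL 1.1 symbol `TLS_method` first and only fall back to `TLSv1_2_method`. I would reword it to `dnl prefer version-flexible TLS_method (OpenSSL 1.1), else fall back to TLSv1_2_method (OpenSSL 1.0)`. The shell variable `HAVE_OPENSSL_1_1` is set from a link probe for one symbol rather than from a version check, so a name that reflects the symbol would be less misleading to the next reader. It is also worth a short `dnl` line noting that this choice changes which TLS protocol versions the transport will negotiate, because that is not obvious from a build-system check.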
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c
index 8c62a25f67d..9d5737df277 100644
--- a/rpc/rpc-transport/socket/src/socket.c
+++ b/rpc/rpc-transport/socket/src/socket.c
@@ -4256,7 +4256,9 @@ socket_init (rpc_transport_t *this)
goto err;
}
-#if HAVE_TLSV1_2_METHOD
+#if HAVE_TLS_METHOD
+ priv->ssl_meth = (SSL_METHOD *)TLS_method();
+#elif HAVE_TLSV1_2_METHOD
priv->ssl_meth = (SSL_METHOD *)TLSv1_2_method();
#else
/*
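Review bot: Selecting `TLS_method()` in the new `#if HAVE_TLS_METHOD` branch drops the TLS 1.2 floor that `TLSv1_2_method()` enforced, because the version-flexible method negotiates any protocol the library supports, and the commit message itself lists SSLv3, TLSv1 and TLSv1.1 among them. Nothing in this hunk restores that floor, so unless code outside the hunk already restricts versions, a build against OpenSSL 1.1 would accept older protocols than a build against OpenSSL 1.0 from the same source. Once the context is created from `priv->ssl_meth`, pin the minimum with `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);` (`ctx` here stands for that context; the call exists from OpenSSL 1.1.0) and treat a return of 0 as an initialisation failure. socket_init's body starts and ends outside the hunk, so the context setup could not be checked from here.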