diff options
| author | Kaleb S. KEITHLEY <kkeithle@redhat.com> | 2017-09-12 15:34:15 -0400 |
|---|---|---|
| committer | Shyamsundar Ranganathan <srangana@redhat.com> | 2017-09-17 12:55:40 +0000 |
| commit | b221e51609f558d96652679943326e940d52e2db (patch) | |
| tree | fc966e7b82e6860bc439e99ab6aa6910d75778cb /configure.ac | |
| parent | 0240a6d5ceb507376abaf97ec25409612c137891 (diff) | |
rpc: TLSv1_2_method() is deprecated in OpenSSL-1.1
Fedora 26 has OpenSSL-1.1. Compile-time warnings indicate
that TLSv1_2_method() is now deprecated. As per the SSL man page:
TLS_method(), TLS_server_method(), TLS_client_method()
These are the general-purpose version-flexible SSL/TLS methods.
The actual protocol version used will be negotiated to the highest
version mutually supported by the client and the server. The
supported protocols are SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
Applications should use these methods, and avoid the version-
specific methods described below.
...
TLSv1_2_method(), ...
...
Note that OpenSSL-1.1 is the version of OpenSSL; Fedora 25 and RHEL 7.3
and other distributions (still) have OpenSSL-1.0.
TLS versions are orthogonal to the OpenSSL version. TLS_method() is the
new — in OpenSSL-1.1 — version flexible function intended to replace the
TLSv1_2_method() function in OpenSSL-1.0 and the older (?), insecure
TLSv23_method(). (OpenSSL-1.0 does not have TLS_method())
master: https://review.gluster.org/18268
master BZ: 1491025
release-3.12: https://review.gluster.org/18284
release-3.12 BZ: 1491690
Change-Id: I190363ccffe7c25606ea2cf30a6b9ff1ec186057
BUG: 1491691
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
Reviewed-on: https://review.gluster.org/18285
Smoke: Gluster Build System <jenkins@build.gluster.org>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac index 0eebcda7b6b..7b669d4cd98 100644 --- a/configure.ac +++ b/configure.ac @@ -601,7 +601,12 @@ AM_CONDITIONAL([ENABLE_BD_XLATOR], [test x$BUILD_BD_XLATOR = xyes]) dnl check for old openssl AC_CHECK_LIB([crypto], CRYPTO_THREADID_set_callback, [AC_DEFINE([HAVE_CRYPTO_THREADID], [1], [use new OpenSSL functions])]) -AC_CHECK_LIB([ssl], TLSv1_2_method, [AC_DEFINE([HAVE_TLSV1_2_METHOD], [1], [use new OpenSSL functions])]) +AC_CHECK_LIB([ssl], TLS_method, [HAVE_OPENSSL_1_1="yes"], [HAVE_OPENSSL_1_1="no"]) +if test "x$HAVE_OPENSSL_1_1" = "xyes"; then + AC_DEFINE([HAVE_TLS_METHOD], [1], [Using OpenSSL-1.1 TLS_method]) +else + AC_CHECK_LIB([ssl], TLSv1_2_method, [AC_DEFINE([HAVE_TLSV1_2_METHOD], [1], [Using OpenSSL-1.0 TLSv1_2_method])]) +fi # start encryption/crypt section |