diff options
| author | Milind Changire <mchangir@redhat.com> | 2015-11-05 20:08:33 +0530 |
|---|---|---|
| committer | Niels de Vos <ndevos@redhat.com> | 2015-11-20 03:25:29 -0800 |
| commit | 21c7debd3fc2613e10d7ee81543dbd65b2b897fa (patch) | |
| tree | e7a70a62f3439d75d9b0c26fb89619ddf55341b1 /rpc | |
| parent | 3748b6540d7704116cbbef08b7401bdc997464cd (diff) | |
build: fix ecdh.h and dh.h deps
openssl/ecdh.h and openssl/dh.h are not available on all platforms,
especially rhel-5.
This patch adds check to autoconf and updates relevant source files.
Added conditional to test for SSL_OP_NO_TICKET and SSL_OP_NO_COMPRESSION
presence before setting the SSL context options.
Macros UTIME_OMIT and UTIME_NOW picked up from Fedora 22
/usr/include/bits/stat.h to help rhel-5 build.
Change-Id: I2bdee4fe643f9c1f5fe77cf89bd30946cd6b591a
Reviewed-on: http://review.gluster.org/#/c/12517/
BUG: 1258594
Signed-off-by: Milind Changire <mchangir@redhat.com>
Reviewed-on: http://review.gluster.org/12518
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Diffstat (limited to 'rpc')
| -rw-r--r-- | rpc/rpc-transport/socket/src/socket.c | 16 | ||||
| -rw-r--r-- | rpc/rpc-transport/socket/src/socket.h | 4 |
2 files changed, 12 insertions, 8 deletions
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c index bcc73016382..c5ab22f9941 100644 --- a/rpc/rpc-transport/socket/src/socket.c +++ b/rpc/rpc-transport/socket/src/socket.c @@ -3996,8 +3996,12 @@ socket_init (rpc_transport_t *this) SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_SSLv2); SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_SSLv3); +#ifdef SSL_OP_NO_TICKET SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_TICKET); +#endif +#ifdef SSL_OP_NO_COMPRESSION SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_COMPRESSION); +#endif if ((bio = BIO_new_file(dh_param, "r")) == NULL) { gf_log(this->name,GF_LOG_ERROR, @@ -4006,7 +4010,7 @@ socket_init (rpc_transport_t *this) } if (bio != NULL) { -#ifdef ERR_R_DH_LIB +#ifdef HAVE_OPENSSL_DH_H DH *dh; unsigned long err; @@ -4024,15 +4028,15 @@ socket_init (rpc_transport_t *this) "DH ciphers are disabled.", dh_param, ERR_error_string(err, NULL)); } -#else /* ERR_R_DH_LIB */ +#else /* HAVE_OPENSSL_DH_H */ BIO_free(bio); gf_log(this->name, GF_LOG_ERROR, "OpenSSL has no DH support"); -#endif /* ERR_R_DH_LIB */ +#endif /* HAVE_OPENSSL_DH_H */ } if (ec_curve != NULL) { -#ifdef ERR_R_ECDH_LIB +#ifdef HAVE_OPENSSL_ECDH_H EC_KEY *ecdh = NULL; int nid; unsigned long err; @@ -4053,10 +4057,10 @@ socket_init (rpc_transport_t *this) "ECDH ciphers are disabled.", ec_curve, ERR_error_string(err, NULL)); } -#else /* ERR_R_ECDH_LIB */ +#else /* HAVE_OPENSSL_ECDH_H */ gf_log(this->name, GF_LOG_ERROR, "OpenSSL has no ECDH support"); -#endif /* ERR_R_ECDH_LIB */ +#endif /* HAVE_OPENSSL_ECDH_H */ } /* This must be done after DH and ECDH setups */ diff --git a/rpc/rpc-transport/socket/src/socket.h b/rpc/rpc-transport/socket/src/socket.h index 238c1457e4d..c4d27e21947 100644 --- a/rpc/rpc-transport/socket/src/socket.h +++ b/rpc/rpc-transport/socket/src/socket.h @@ -14,10 +14,10 @@ #include <openssl/ssl.h> #include <openssl/err.h> #include <openssl/x509v3.h> -#ifdef ERR_R_DH_LIB +#ifdef HAVE_OPENSSL_DH_H #include <openssl/dh.h> #endif -#ifdef ERR_R_ECDH_LIB +#ifdef HAVE_OPENSSL_ECDH_H #include <openssl/objects.h> #include <openssl/ecdh.h> #endif |