summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--configure.ac4
-rw-r--r--contrib/qemu/util/oslib-posix.c7
-rw-r--r--glusterfs.spec.in5
-rw-r--r--rpc/rpc-transport/socket/src/socket.c17
-rw-r--r--rpc/rpc-transport/socket/src/socket.h6
5 files changed, 32 insertions, 7 deletions
diff --git a/configure.ac b/configure.ac
index 6c22e0940b4..f39a4cfff89 100644
--- a/configure.ac
+++ b/configure.ac
@@ -388,6 +388,10 @@ AC_CHECK_HEADERS([sys/ioctl.h], AC_DEFINE(HAVE_IOCTL_IN_SYS_IOCTL_H, 1, [have sy
AC_CHECK_HEADERS([sys/extattr.h])
+AC_CHECK_HEADERS([openssl/dh.h])
+
+AC_CHECK_HEADERS([openssl/ecdh.h])
+
dnl Math library
AC_CHECK_LIB([m], [pow], [MATH_LIB='-lm'], [MATH_LIB=''])
AC_SUBST(MATH_LIB)
diff --git a/contrib/qemu/util/oslib-posix.c b/contrib/qemu/util/oslib-posix.c
index bac4c1a158e..45f9ca5a156 100644
--- a/contrib/qemu/util/oslib-posix.c
+++ b/contrib/qemu/util/oslib-posix.c
@@ -191,6 +191,13 @@ int qemu_pipe(int pipefd[2])
return ret;
}
+#ifndef UTIME_OMIT
+#define UTIME_OMIT ((1l << 30) - 2l)
+#endif
+#ifndef UTIME_NOW
+#define UTIME_NOW ((1l << 30) - 1l)
+#endif
+
int qemu_utimens(const char *path, const struct timespec *times)
{
struct timeval tv[2], tv_now;
diff --git a/glusterfs.spec.in b/glusterfs.spec.in
index 90705b1ae3c..e4d033a335a 100644
--- a/glusterfs.spec.in
+++ b/glusterfs.spec.in
@@ -589,6 +589,11 @@ This package provides the translators needed on any GlusterFS client.
%setup -q -n %{name}-%{version}%{?prereltag}
%build
+%if ( 0%{?rhel} && 0%{?rhel} < 6 )
+CFLAGS=-DUSE_INSECURE_OPENSSL
+export CFLAGS
+%endif
+
./autogen.sh && %configure \
%{?_with_cmocka} \
%{?_with_debug} \
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c
index 4d4d74af024..3ee0c2c75a8 100644
--- a/rpc/rpc-transport/socket/src/socket.c
+++ b/rpc/rpc-transport/socket/src/socket.c
@@ -8,7 +8,6 @@
cases as published by the Free Software Foundation.
*/
-
#include "socket.h"
#include "name.h"
#include "dict.h"
@@ -3992,8 +3991,12 @@ socket_init (rpc_transport_t *this)
SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_SSLv3);
+#ifdef SSL_OP_NO_TICKET
SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_TICKET);
+#endif
+#ifdef SSL_OP_NO_COMPRESSION
SSL_CTX_set_options(priv->ssl_ctx, SSL_OP_NO_COMPRESSION);
+#endif
if ((bio = BIO_new_file(dh_param, "r")) == NULL) {
gf_log(this->name,GF_LOG_ERROR,
@@ -4002,7 +4005,7 @@ socket_init (rpc_transport_t *this)
}
if (bio != NULL) {
-#ifdef ERR_R_DH_LIB
+#ifdef HAVE_OPENSSL_DH_H
DH *dh;
unsigned long err;
@@ -4020,15 +4023,15 @@ socket_init (rpc_transport_t *this)
"DH ciphers are disabled.",
dh_param, ERR_error_string(err, NULL));
}
-#else /* ERR_R_DH_LIB */
+#else /* HAVE_OPENSSL_DH_H */
BIO_free(bio);
gf_log(this->name, GF_LOG_ERROR,
"OpenSSL has no DH support");
-#endif /* ERR_R_DH_LIB */
+#endif /* HAVE_OPENSSL_DH_H */
}
if (ec_curve != NULL) {
-#ifdef ERR_R_ECDH_LIB
+#ifdef HAVE_OPENSSL_ECDH_H
EC_KEY *ecdh = NULL;
int nid;
unsigned long err;
@@ -4049,10 +4052,10 @@ socket_init (rpc_transport_t *this)
"ECDH ciphers are disabled.",
ec_curve, ERR_error_string(err, NULL));
}
-#else /* ERR_R_ECDH_LIB */
+#else /* HAVE_OPENSSL_ECDH_H */
gf_log(this->name, GF_LOG_ERROR,
"OpenSSL has no ECDH support");
-#endif /* ERR_R_ECDH_LIB */
+#endif /* HAVE_OPENSSL_ECDH_H */
}
/* This must be done after DH and ECDH setups */
diff --git a/rpc/rpc-transport/socket/src/socket.h b/rpc/rpc-transport/socket/src/socket.h
index 6fc845ac286..4c39695e99d 100644
--- a/rpc/rpc-transport/socket/src/socket.h
+++ b/rpc/rpc-transport/socket/src/socket.h
@@ -14,6 +14,12 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
+#ifdef HAVE_OPENSSL_DH_H
+#include <openssl/dh.h>
+#endif
+#ifdef HAVE_OPENSSL_ECDH_H
+#include <openssl/ecdh.h>
+#endif
#include "event.h"
#include "rpc-transport.h"