From ca5b466dcabc8432f68f2cf7a24fae770ad1c0cf Mon Sep 17 00:00:00 2001
From: Emmanuel Dreyfus <manu@netbsd.org>
Date: Thu, 30 Jul 2015 14:02:43 +0200
Subject: SSL improvements: ECDH, DH, CRL, and accessible options

- Introduce ssl.dh-param option to specify a file containinf DH parameters.
  If it is provided, EDH ciphers are available.

- Introduce ssl.ec-curve option to specify an elliptic curve name. If
  unspecified, ECDH ciphers are available using the prime256v1 curve.

- Introduce ssl.crl-path option to specify the directory where the
  CRL hash file can be found. Setting to NULL disable CRL checking,
  just like the default.

- Make all ssl.* options accessible through gluster volume set.

- In default cipher list, exclude weak ciphers instead of listing
  the strong ones.

- Enforce server cipher preference.

- introduce RPC_SET_OPT macro to factor repetitive code in glusterd-volgen.c

- Add ssl-ciphers.t test to check all the features touched by this change.

Backport of I7bfd433df6bbf176f4a58e770e06bcdbe22a101a

Change-Id: I2947eabe76ae0487ecad52a60befb7de473fc90c
BUG: 1247153
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>@
Reviewed-on: http://review.gluster.org/11763
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
---
 libglusterfs/src/globals.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'libglusterfs')

diff --git a/libglusterfs/src/globals.h b/libglusterfs/src/globals.h
index 8b513d03646..3f91363a7c9 100644
--- a/libglusterfs/src/globals.h
+++ b/libglusterfs/src/globals.h
@@ -37,7 +37,7 @@
  */
 #define GD_OP_VERSION_MIN  1 /* MIN is the fresh start op-version, mostly
                                 should not change */
-#define GD_OP_VERSION_MAX  GD_OP_VERSION_3_7_3 /* MAX VERSION is the maximum
+#define GD_OP_VERSION_MAX  GD_OP_VERSION_3_7_4 /* MAX VERSION is the maximum
                                                   count in VME table, should
                                                   keep changing with
                                                   introduction of newer
@@ -53,6 +53,8 @@
 
 #define GD_OP_VERSION_3_7_3    30703 /* Op-version for GlusterFS 3.7.3 */
 
+#define GD_OP_VERSION_3_7_4    30704 /* Op-version for GlusterFS 3.7.4 */
+
 #define GD_OP_VER_PERSISTENT_AFR_XATTRS GD_OP_VERSION_3_6_0
 
 #include "xlator.h"
-- 
cgit