From 0bb51f8a620cb059ed94bcba10d5f3d285f04371 Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Sun, 17 May 2015 15:26:03 +0200 Subject: build: fix compiling on older distributions data-tiering is disabled on RHEL-5 because it depends on a too new SQLite version. This change also prevents installing some of files that are used by geo-replication, which is also not available on RHEL-5. geo-replication depends on a too recent version of Python. Due to an older version of OpenSSL, some of the newer functions can not be used. A fallback to previous functions is done. Unfortunately RHEL-5 does not seem to have TLSv1.2 support, so only older versions can be used. Cherry picked from commit 0209b18fd65f9df5ebd0a8764ebf864d0d392998: > Change-Id: I672264a673f5432358d2e83b17e2a34efd9fd913 > BUG: 1222317 > Signed-off-by: Niels de Vos > Reviewed-on: http://review.gluster.org/10803 > Tested-by: NetBSD Build System > Tested-by: Gluster Build System > Reviewed-by: Kaleb KEITHLEY > Reviewed-by: Vijay Bellur Also including the changes from http://review.gluster.org/11140: > build: improve detection of new OpenSSL features > > Building on Mac OS X revealed that the current check for > CRYPTO_THREADID_set_callback() availability in OpenSSL is not correct. > > There also does not seem to be a guarantee that TLSv1_2_method() is > available when TLS1_2_VERSION is #define'd. > > Change-Id: I21508065fc181a1c74bee4fd6d23bb5bdf7cea7a > BUG: 1222317 > Reviewed-on: http://review.gluster.org/11140 > Original-author: Kaleb KEITHLEY > Signed-off-by: Niels de Vos Change-Id: I672264a673f5432358d2e83b17e2a34efd9fd913 BUG: 1228510 Signed-off-by: Niels de Vos Reviewed-on: http://review.gluster.org/11096 Tested-by: Gluster Build System Reviewed-by: Atin Mukherjee Reviewed-by: Kaleb KEITHLEY --- rpc/rpc-transport/socket/src/socket.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'rpc') diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c index e30e2312815..a39c16d2099 100644 --- a/rpc/rpc-transport/socket/src/socket.c +++ b/rpc/rpc-transport/socket/src/socket.c @@ -3714,6 +3714,7 @@ locking_func (int mode, int type, const char *file, int line) } } +#if HAVE_CRYPTO_THREADID static void threadid_func (CRYPTO_THREADID *id) { @@ -3729,6 +3730,14 @@ threadid_func (CRYPTO_THREADID *id) */ CRYPTO_THREADID_set_numeric (id, (unsigned long)pthread_self()); } +#else /* older openssl */ +static unsigned long +legacy_threadid_func (void) +{ + /* See comments above, it applies here too. */ + return (unsigned long)pthread_self(); +} +#endif static void __attribute__((constructor)) init_openssl_mt (void) @@ -3743,7 +3752,11 @@ init_openssl_mt (void) pthread_mutex_init (&lock_array[i], NULL); } CRYPTO_set_locking_callback (locking_func); +#if HAVE_CRYPTO_THREADID CRYPTO_THREADID_set_callback (threadid_func); +#else /* older openssl */ + CRYPTO_set_id_callback (legacy_threadid_func); +#endif constructor_ok = _gf_true; } @@ -3992,7 +4005,12 @@ socket_init (rpc_transport_t *this) goto err; } +#if HAVE_TLSV1_2_METHOD priv->ssl_meth = (SSL_METHOD *)TLSv1_2_method(); +#else /* old openssl */ +#warning TLSv1.2 is not available, using insecure TLSv1 support + priv->ssl_meth = (SSL_METHOD *)TLSv1_method(); +#endif priv->ssl_ctx = SSL_CTX_new(priv->ssl_meth); if (SSL_CTX_set_cipher_list(priv->ssl_ctx, cipher_list) == 0) { -- cgit