From 30137cd53c52d435413feb0eddcf7d3a80f2ebbe Mon Sep 17 00:00:00 2001 From: "Kaleb S. KEITHLEY" Date: Tue, 12 Sep 2017 15:34:15 -0400 Subject: rpc: TLSv1_2_method() is deprecated in OpenSSL-1.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fedora 26 has OpenSSL-1.1. Compile-time warnings indicate that TLSv1_2_method() is now deprecated. As per the SSL man page: TLS_method(), TLS_server_method(), TLS_client_method() These are the general-purpose version-flexible SSL/TLS methods. The actual protocol version used will be negotiated to the highest version mutually supported by the client and the server. The supported protocols are SSLv3, TLSv1, TLSv1.1 and TLSv1.2. Applications should use these methods, and avoid the version- specific methods described below. ... TLSv1_2_method(), ... ... Note that OpenSSL-1.1 is the version of OpenSSL; Fedora 25 and RHEL 7.3 and other distributions (still) have OpenSSL-1.0. TLS versions are orthogonal to the OpenSSL version. TLS_method() is the new — in OpenSSL-1.1 — version flexible function intended to replace the TLSv1_2_method() function in OpenSSL-1.0 and the older (?), insecure TLSv23_method(). (OpenSSL-1.0 does not have TLS_method()) master https://review.gluster.org/18268 master BZ: 1491025 Change-Id: I190363ccffe7c25606ea2cf30a6b9ff1ec186057 BUG: 1491690 Signed-off-by: Kaleb S. KEITHLEY --- rpc/rpc-transport/socket/src/socket.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'rpc') diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c index 5cee869fdfc..590d465ccc6 100644 --- a/rpc/rpc-transport/socket/src/socket.c +++ b/rpc/rpc-transport/socket/src/socket.c @@ -4344,7 +4344,9 @@ socket_init (rpc_transport_t *this) if (priv->ssl_enabled || priv->mgmt_ssl) { BIO *bio = NULL; -#if HAVE_TLSV1_2_METHOD +#if HAVE_TLS_METHOD + priv->ssl_meth = (SSL_METHOD *)TLS_method(); +#elif HAVE_TLSV1_2_METHOD priv->ssl_meth = (SSL_METHOD *)TLSv1_2_method(); #else /* -- cgit