You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
openvswitch/0002-stream-ssl-Define-SSL_...

41 lines
1.4 KiB

From 74f34a896ddaebce7eba66022be8868dd3b44d0a Mon Sep 17 00:00:00 2001
From: Ben Pfaff <blp@ovn.org>
Date: Mon, 6 Aug 2018 15:39:44 -0700
Subject: [PATCH 2/2] stream-ssl: Define SSL_OP_NO_SSL_MASK for OpenSSL
versions that lack it.
10 of the travis builds are failing such as
TESTSUITE=1 KERNEL=3.16.54 for gcc and clang.
Fixes: ab16d2c2871b ("stream-ssl: Don't enable new TLS versions by default")
CC: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Han Zhou <hzhou8@ebay.com>
Acked-by: Darrell Ball <dlu998@gmail.com>
(cherry picked from commit ce679280889f0eb4ebc95b62558a20a7a5f7c0fb)
---
lib/stream-ssl.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index 95b0f106e..c64bb8f19 100644
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -1186,6 +1186,12 @@ stream_ssl_set_protocols(const char *arg)
}
/* Start with all the flags off and turn them on as requested. */
+#ifndef SSL_OP_NO_SSL_MASK
+ /* For old OpenSSL without this macro, this is the correct value. */
+#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | \
+ SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | \
+ SSL_OP_NO_TLSv1_2)
+#endif
long protocol_flags = SSL_OP_NO_SSL_MASK;
char *s = xstrdup(arg);
--
2.17.1