[ovs-dev] [PATCH] stream-ssl: Define SSL_OP_NO_SSL_MASK for OpenSSL versions that lack it.

Han Zhou zhouhan at gmail.com
Mon Aug 6 22:23:27 UTC 2018


On Mon, Aug 6, 2018 at 12:07 PM, Ben Pfaff <blp at ovn.org> wrote:
>
> 10 of the travis builds are failing such as
> TESTSUITE=1 KERNEL=3.16.54 for gcc and clang.
>
> I don't know why SSL_OP_NO_SSL_MASK doesn't include SSL_OP_NO_SSLv2,
> but it doesn't in my copy of the appropriate header file.
>
> Fixes: ab16d2c2871b ("stream-ssl: Don't enable new TLS versions by default")
> CC: Timothy Redaelli <tredaelli at redhat.com>
> Signed-off-by: Darrell Ball <dlu998 at gmail.com>
> Signed-off-by: Ben Pfaff <blp at ovn.org>
> ---
>  lib/stream-ssl.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
> index f3d623c035f8..bd4f2ff50dbc 100644
> --- a/lib/stream-ssl.c
> +++ b/lib/stream-ssl.c
> @@ -1188,6 +1188,11 @@ stream_ssl_set_protocols(const char *arg)
>      }
>
>      /* Start with all the flags off and turn them on as requested. */
> +#ifndef SSL_OP_NO_SSL_MASK
> +    /* For old OpenSSL without this macro, this is the correct value.  */
> +#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | \
> +                            SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2)
> +#endif
>      long protocol_flags = SSL_OP_NO_SSL_MASK;
>
>      char *s = xstrdup(arg);
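
Review bot: The fallback SSL_OP_NO_SSL_MASK in the #ifndef block leaves out SSL_OP_NO_SSLv2, while its comment calls it "the correct value" and the commit message says the reason for the omission is unknown. Because protocol_flags is initialised from this mask, a build that takes the fallback starts without the SSLv2 disable bit. Either OR in SSL_OP_NO_SSLv2 or have the comment state why it is omitted and which header the value was taken from. As a style point, the #define sits inside the body of stream_ssl_set_protocols(); moving it to file scope near the includes would make the compatibility shim easier to find.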
> --
> 2.16.1

Hi Ben,

In my environment I see it as:

#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|\
        SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2)

My openssl version is:
Version     : 1.0.2m

Thanks,
Han

