[ovs-dev] [PATCH v2] stream-ssl: Define SSL_OP_NO_SSL_MASK for OpenSSL versions that lack it.
Ben Pfaff
blp at ovn.org
Mon Aug 6 22:39:44 UTC 2018
10 of the travis builds are failing such as
TESTSUITE=1 KERNEL=3.16.54 for gcc and clang.
Fixes: ab16d2c2871b ("stream-ssl: Don't enable new TLS versions by default")
CC: Timothy Redaelli <tredaelli at redhat.com>
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
---
v1->v2: Add SSL_OP_NO_SSLv2 (thanks Han!).
lib/stream-ssl.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index f3d623c035f8..fed71801b823 100644
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -1188,6 +1188,12 @@ stream_ssl_set_protocols(const char *arg)
}
/* Start with all the flags off and turn them on as requested. */
+#ifndef SSL_OP_NO_SSL_MASK
+ /* For old OpenSSL without this macro, this is the correct value. */
+#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | \
+ SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | \
+ SSL_OP_NO_TLSv1_2)
+#endif
long protocol_flags = SSL_OP_NO_SSL_MASK;
char *s = xstrdup(arg);
--
2.16.1
More information about the dev
mailing list