[ovs-dev] [PATCH v2] stream-ssl: Define SSL_OP_NO_SSL_MASK for OpenSSL versions that lack it.
Ben Pfaff
blp at ovn.org
Mon Aug 6 22:53:45 UTC 2018
On Mon, Aug 06, 2018 at 12:47:39PM -1000, Han Zhou wrote:
> On Mon, Aug 6, 2018 at 12:39 PM, Ben Pfaff <blp at ovn.org> wrote:
> >
> > 10 of the travis builds are failing such as
> > TESTSUITE=1 KERNEL=3.16.54 for gcc and clang.
> >
> > Fixes: ab16d2c2871b ("stream-ssl: Don't enable new TLS versions by
> default")
> > CC: Timothy Redaelli <tredaelli at redhat.com>
> > Signed-off-by: Darrell Ball <dlu998 at gmail.com>
> > Signed-off-by: Ben Pfaff <blp at ovn.org>
> > ---
> > v1->v2: Add SSL_OP_NO_SSLv2 (thanks Han!).
> >
> > lib/stream-ssl.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
> > index f3d623c035f8..fed71801b823 100644
> > --- a/lib/stream-ssl.c
> > +++ b/lib/stream-ssl.c
> > @@ -1188,6 +1188,12 @@ stream_ssl_set_protocols(const char *arg)
> > }
> >
> > /* Start with all the flags off and turn them on as requested. */
> > +#ifndef SSL_OP_NO_SSL_MASK
> > + /* For old OpenSSL without this macro, this is the correct value. */
> > +#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | \
> > + SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | \
> > + SSL_OP_NO_TLSv1_2)
> > +#endif
> > long protocol_flags = SSL_OP_NO_SSL_MASK;
> >
> > char *s = xstrdup(arg);
> > --
> > 2.16.1
> >
> > _______________________________________________
> > dev mailing list
> > dev at openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
> Acked-by: Han Zhou <hzhou8 at ebay.com>
Thanks.
Darrell, does this make sense to you?
More information about the dev
mailing list