Message ID | 20180806220729.26718-1-blp@ovn.org |
---|---|
State | Superseded |
Headers | show |
Series | [ovs-dev] stream-ssl: Define SSL_OP_NO_SSL_MASK for OpenSSL versions that lack it. | expand |
On Mon, Aug 6, 2018 at 12:07 PM, Ben Pfaff <blp@ovn.org> wrote: > > 10 of the travis builds are failing such as > TESTSUITE=1 KERNEL=3.16.54 for gcc and clang. > > I don't know why SSL_OP_NO_SSL_MASK doesn't include SSL_OP_NO_SSLv2, > but it doesn't in my copy of the appropriate header file. > > Fixes: ab16d2c2871b ("stream-ssl: Don't enable new TLS versions by default") > CC: Timothy Redaelli <tredaelli@redhat.com> > Signed-off-by: Darrell Ball <dlu998@gmail.com> > Signed-off-by: Ben Pfaff <blp@ovn.org> > --- > lib/stream-ssl.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c > index f3d623c035f8..bd4f2ff50dbc 100644 > --- a/lib/stream-ssl.c > +++ b/lib/stream-ssl.c > @@ -1188,6 +1188,11 @@ stream_ssl_set_protocols(const char *arg) > } > > /* Start with all the flags off and turn them on as requested. */ > +#ifndef SSL_OP_NO_SSL_MASK > + /* For old OpenSSL without this macro, this is the correct value. */ > +#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | \ > + SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2) > +#endif > long protocol_flags = SSL_OP_NO_SSL_MASK; > > char *s = xstrdup(arg); > -- > 2.16.1 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev Hi Ben, In my environment I see it as: #define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|\ SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) My openssl version is: Version : 1.0.2m Thanks, Han
On Mon, Aug 06, 2018 at 12:23:27PM -1000, Han Zhou wrote: > On Mon, Aug 6, 2018 at 12:07 PM, Ben Pfaff <blp@ovn.org> wrote: > > > > 10 of the travis builds are failing such as > > TESTSUITE=1 KERNEL=3.16.54 for gcc and clang. > > > > I don't know why SSL_OP_NO_SSL_MASK doesn't include SSL_OP_NO_SSLv2, > > but it doesn't in my copy of the appropriate header file. > > > > Fixes: ab16d2c2871b ("stream-ssl: Don't enable new TLS versions by > default") > > CC: Timothy Redaelli <tredaelli@redhat.com> > > Signed-off-by: Darrell Ball <dlu998@gmail.com> > > Signed-off-by: Ben Pfaff <blp@ovn.org> > > --- > > lib/stream-ssl.c | 5 +++++ > > 1 file changed, 5 insertions(+) > > > > diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c > > index f3d623c035f8..bd4f2ff50dbc 100644 > > --- a/lib/stream-ssl.c > > +++ b/lib/stream-ssl.c > > @@ -1188,6 +1188,11 @@ stream_ssl_set_protocols(const char *arg) > > } > > > > /* Start with all the flags off and turn them on as requested. */ > > +#ifndef SSL_OP_NO_SSL_MASK > > + /* For old OpenSSL without this macro, this is the correct value. */ > > +#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | \ > > + SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2) > > +#endif > > long protocol_flags = SSL_OP_NO_SSL_MASK; > > > > char *s = xstrdup(arg); > > -- > > 2.16.1 > > > > _______________________________________________ > > dev mailing list > > dev@openvswitch.org > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > Hi Ben, > > In my environment I see it as: > > #define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|\ > SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) > > My openssl version is: > Version : 1.0.2m I've got headers for 1.1.0e here. I guess that adding NO_SSLv2 should be harmless. v2 coming up...
Bleep bloop. Greetings Ben Pfaff, I am a robot and I have tried out your patch. Thanks for your contribution. I encountered some error that I wasn't expecting. See the details below. git-am: Failed to merge in the changes. Patch failed at 0001 stream-ssl: Define SSL_OP_NO_SSL_MASK for OpenSSL versions that lack it. The copy of the patch that failed is found in: /var/lib/jenkins/jobs/upstream_build_from_pw/workspace/.git/rebase-apply/patch When you have resolved this problem, run "git am --resolved". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". Please check this out. If you feel there has been an error, please email aconole@bytheb.org Thanks, 0-day Robot
diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c index f3d623c035f8..bd4f2ff50dbc 100644 --- a/lib/stream-ssl.c +++ b/lib/stream-ssl.c @@ -1188,6 +1188,11 @@ stream_ssl_set_protocols(const char *arg) } /* Start with all the flags off and turn them on as requested. */ +#ifndef SSL_OP_NO_SSL_MASK + /* For old OpenSSL without this macro, this is the correct value. */ +#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | \ + SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2) +#endif long protocol_flags = SSL_OP_NO_SSL_MASK; char *s = xstrdup(arg);