From patchwork Mon Aug 6 22:39:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Pfaff X-Patchwork-Id: 954282 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=ovn.org Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41kszJ4zXcz9s3x for ; Tue, 7 Aug 2018 08:39:56 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id A1ADEE90; Mon, 6 Aug 2018 22:39:54 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 319EDE7B for ; Mon, 6 Aug 2018 22:39:54 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay1-d.mail.gandi.net (relay1-d.mail.gandi.net [217.70.183.193]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A52DB1C0 for ; Mon, 6 Aug 2018 22:39:53 +0000 (UTC) X-Originating-IP: 208.91.3.26 Received: from sigabrt.benpfaff.org (unknown [208.91.3.26]) (Authenticated sender: blp@ovn.org) by relay1-d.mail.gandi.net (Postfix) with ESMTPSA id C6ADD240004; Mon, 6 Aug 2018 22:39:49 +0000 (UTC) From: Ben Pfaff To: dev@openvswitch.org Date: Mon, 6 Aug 2018 15:39:44 -0700 Message-Id: <20180806223944.4630-1-blp@ovn.org> X-Mailer: git-send-email 2.16.1 X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Ben Pfaff Subject: [ovs-dev] [PATCH v2] stream-ssl: Define SSL_OP_NO_SSL_MASK for OpenSSL versions that lack it. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org 10 of the travis builds are failing such as TESTSUITE=1 KERNEL=3.16.54 for gcc and clang. Fixes: ab16d2c2871b ("stream-ssl: Don't enable new TLS versions by default") CC: Timothy Redaelli Signed-off-by: Darrell Ball Signed-off-by: Ben Pfaff Acked-by: Han Zhou Acked-by: Darrell Ball Reviewed-by: Timothy Redaelli --- v1->v2: Add SSL_OP_NO_SSLv2 (thanks Han!). lib/stream-ssl.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c index f3d623c035f8..fed71801b823 100644 --- a/lib/stream-ssl.c +++ b/lib/stream-ssl.c @@ -1188,6 +1188,12 @@ stream_ssl_set_protocols(const char *arg) } /* Start with all the flags off and turn them on as requested. */ +#ifndef SSL_OP_NO_SSL_MASK + /* For old OpenSSL without this macro, this is the correct value. */ +#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | \ + SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | \ + SSL_OP_NO_TLSv1_2) +#endif long protocol_flags = SSL_OP_NO_SSL_MASK; char *s = xstrdup(arg);