Message ID | 1533582162-2635-1-git-send-email-dlu998@gmail.com |
---|---|
State | Superseded |
Series | [ovs-dev,v1] stream-ssl: Revert recent chamge to fix travis builds. |
if this applied, pls remove the extra newline On Mon, Aug 6, 2018 at 12:02 PM, Darrell Ball <dlu998@gmail.com> wrote: > Fixes: ab16d2c2871b ("stream-ssl: Don't enable new TLS versions by > default") > CC: Timothy Redaelli <tredaelli@redhat.com> > Signed-off-by: Darrell Ball <dlu998@gmail.com> > --- > lib/stream-ssl.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c > index f3d623c..03aa972 100644 > --- a/lib/stream-ssl.c > +++ b/lib/stream-ssl.c > @@ -1188,7 +1188,9 @@ stream_ssl_set_protocols(const char *arg) > } > > /* Start with all the flags off and turn them on as requested. */ > - long protocol_flags = SSL_OP_NO_SSL_MASK; > + long protocol_flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | > SSL_OP_NO_TLSv1; > + protocol_flags |= SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; > + > > char *s = xstrdup(arg); > char *save_ptr = NULL; > -- > 1.9.1 > >
On Mon, Aug 06, 2018 at 12:02:42PM -0700, Darrell Ball wrote:
> Fixes: ab16d2c2871b ("stream-ssl: Don't enable new TLS versions by default")
> CC: Timothy Redaelli <tredaelli@redhat.com>
> Signed-off-by: Darrell Ball <dlu998@gmail.com>

It'd be nice to cite one of the failing builds in the commit message.

Timothy, do you want to comment on this?

Thanks,

Ben.
Sure, and probably s/chamge/change/ would be good

On 8/6/18, 12:32 PM, "ovs-dev-bounces@openvswitch.org on behalf of Ben Pfaff" <ovs-dev-bounces@openvswitch.org on behalf of blp@ovn.org> wrote:

    On Mon, Aug 06, 2018 at 12:02:42PM -0700, Darrell Ball wrote:
    > Fixes: ab16d2c2871b ("stream-ssl: Don't enable new TLS versions by default")
    > CC: Timothy Redaelli <tredaelli@redhat.com>
    > Signed-off-by: Darrell Ball <dlu998@gmail.com>

    It'd be nice to cite one of the failing builds in the commit message.

    Timothy, do you want to comment on this?

    Thanks,

    Ben.
On Mon, Aug 6, 2018 at 9:59 AM, Darrell Ball <dball@vmware.com> wrote:
> Sure, and probably s/chamge/change/ would be good

Is this something that really should be reverted? I hit the same problem but I figured out it was because my openssl version is old.
On Mon, Aug 6, 2018 at 1:37 PM, Han Zhou <zhouhan@gmail.com> wrote:
> Is this something that really should be reverted? I hit the same problem but I
> figured out it was because my openssl version is old.

well, in this case, Travis is failing for Openvswitch repo

One example:

https://travis-ci.org/openvswitch/ovs/jobs/412223381

cgcc -target=x86_64 -DHAVE_CONFIG_H -I. -I ./include -I ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wmissing-field-initializers -fno-strict-aliasing -Wshadow -Wno-null-pointer-arithmetic -Werror -Wsparse-error -MT lib/dhparams.lo -MD -MP -MF lib/.deps/dhparams.Tpo -c lib/dhparams.c -o lib/dhparams.o
lib/stream-ssl.c:1191:27: error: undefined identifier 'SSL_OP_NO_SSL_MASK'
make[2]: *** [lib/stream-ssl.lo] Error 1
make[2]: *** Waiting for unfinished jobs....
make[2]: Leaving directory `/home/travis/build/openvswitch/ovs'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/travis/build/openvswitch/ovs'
make: *** [all] Error 2
On Mon, Aug 6, 2018 at 12:03 PM, Darrell Ball <dlu998@gmail.com> wrote:
> well, in this case, Travis is failing for Openvswitch repo
>
> One example:
>
> https://travis-ci.org/openvswitch/ovs/jobs/412223381
>
> cgcc -target=x86_64 -DHAVE_CONFIG_H -I. -I ./include -I ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wmissing-field-initializers -fno-strict-aliasing -Wshadow -Wno-null-pointer-arithmetic -Werror -Wsparse-error -MT lib/dhparams.lo -MD -MP -MF lib/.deps/dhparams.Tpo -c lib/dhparams.c -o lib/dhparams.o
> lib/stream-ssl.c:1191:27: error: undefined identifier 'SSL_OP_NO_SSL_MASK'
> make[2]: *** [lib/stream-ssl.lo] Error 1
> make[2]: *** Waiting for unfinished jobs....
> make[2]: Leaving directory `/home/travis/build/openvswitch/ovs'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/home/travis/build/openvswitch/ovs'
> make: *** [all] Error 2

Hi Darrell, yes this is the same error I encountered. Using a newer version of openssl (e.g. 1.0.2m) fixes the problem. The macro SSL_OP_NO_SSL_MASK is defined in openssl/ssl.h:

#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|\
        SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2)
On Mon, Aug 6, 2018 at 3:18 PM, Han Zhou <zhouhan@gmail.com> wrote:
> Hi Darrell, yes this is the same error I encountered. Using a newer
> version of openssl (e.g. 1.0.2m) fixes the problem. The macro
> SSL_OP_NO_SSL_MASK is defined in openssl/ssl.h:
>
> #define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|\
>         SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2)

That is fine, but this is nothing specific to do with my environment. It is the Travis build environment that is being used for Openvswitch.
diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c index f3d623c..03aa972 100644 --- a/lib/stream-ssl.c +++ b/lib/stream-ssl.c @@ -1188,7 +1188,9 @@ stream_ssl_set_protocols(const char *arg) } /* Start with all the flags off and turn them on as requested. */ - long protocol_flags = SSL_OP_NO_SSL_MASK; + long protocol_flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1; + protocol_flags |= SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; + char *s = xstrdup(arg); char *save_ptr = NULL;
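Review bot: The explicit flag list that replaces SSL_OP_NO_SSL_MASK in stream_ssl_set_protocols() ends at SSL_OP_NO_TLSv1_2, so the "all the flags off" starting point no longer follows the OpenSSL header: where a header's mask carries a flag for a protocol version beyond these five, that version is not disabled up front, which works against the commit named in Fixes ("Don't enable new TLS versions by default"). The thread attributes the build failure to older headers lacking the macro, so consider keeping `long protocol_flags = SSL_OP_NO_SSL_MASK;` and defining the macro from the five explicit flags under `#ifndef SSL_OP_NO_SSL_MASK` as a fallback. The added blank `+` line also leaves two consecutive blank lines before `char *s = xstrdup(arg);`, and if the explicit list stays, the assignment and the following `|=` could be a single initializer.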
Fixes: ab16d2c2871b ("stream-ssl: Don't enable new TLS versions by default")
CC: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Darrell Ball <dlu998@gmail.com>
---
 lib/stream-ssl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)