Project

General

Profile

Actions
Copy link

Bug #5046

closed

User story #4798: Upgrade to CFEngine 3.6 in rudder-agent

CFEngine fails to build on older OSes due to missing symble in OpenSSL

Added by Jonathan CLARKE over 10 years ago. Updated over 9 years ago.

Status:
Released
Priority:
2
Assignee:
Matthieu CERDA
Category:
Packaging
Target version:
2.11.0~beta1
Pull Request:
https://github.com/Normation/rudder-p...
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

From a CFEngine 3.6 build :

  CC     tls_generic.lo

tls_generic.c: In function 'TLSSetDefaultOptions':
tls_generic.c:702: error: 'SSL_OP_NO_TICKET' undeclared (first use in this function)
tls_generic.c:702: error: (Each undeclared identifier is reported only once
tls_generic.c:702: error: for each function it appears in.)
make[1]: Leaving directory `/usr/src/rudder-packages/package/SOURCES/cfengine-source'

This happens when using an older version of OpenSSL that doesn't have the SSL_OP_NO_TICKET option.

This option is defined as (from https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html):

SSL_OP_NO_TICKET
    Normally clients and servers will, where possible, transparently make use of RFC4507bis tickets for stateless session resumption.
    If this option is set this functionality is disabled and tickets will not be used by clients or servers.

So, this option is used to disable the functionality. Older version of OpenSSL don't have the functionality, so we don't need to disable it.

Fortunately, there is a simple workaround: use a #ifdef as explained here: https://bugs.launchpad.net/jabberd2/+bug/383507. This was, this feature is disabled if present, and ignored if not.

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #5056: CFEngine tries to use the SSL_CTX_clear_options OpenSSL function that do not exist in old OpenSSL versionsReleasedJonathan CLARKE2014-06-17Actions
Actions
Copy link

Also available in: Atom PDF