From f01205dfee44fb3b87204f5d71c54648e391a21f Mon Sep 17 00:00:00 2001
From: Open vSwitch CI <ovs-team@redhat.com>
Date: May 26 2023 19:29:32 +0000
Subject: Import openvswitch2.17-2.17.0-101 from Fast DataPath


---

diff --git a/SOURCES/openvswitch-2.17.0.patch b/SOURCES/openvswitch-2.17.0.patch
index feb756b..2758f07 100644
--- a/SOURCES/openvswitch-2.17.0.patch
+++ b/SOURCES/openvswitch-2.17.0.patch
@@ -58181,7 +58181,7 @@ index 1c71df1a12..ec567603b1 100644
          shash_delete(&stopwatches, node);
          free(sw);
 diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
-index f4fe3432e7..62da9febb6 100644
+index f4fe3432e7..86747e58ba 100644
 --- a/lib/stream-ssl.c
 +++ b/lib/stream-ssl.c
 @@ -193,7 +193,9 @@ static void ssl_clear_txbuf(struct ssl_stream *);
@@ -58206,10 +58206,18 @@ index f4fe3432e7..62da9febb6 100644
      if (!peer_cert) {
          return NULL;
      }
-@@ -1070,7 +1076,11 @@ do_ssl_init(void)
+@@ -1069,8 +1075,18 @@ do_ssl_init(void)
+         VLOG_ERR("SSL_CTX_new: %s", ERR_error_string(ERR_get_error(), NULL));
          return ENOPROTOOPT;
      }
-     SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+-    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
++
++    long options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
++#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
++    options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
++#endif
++    SSL_CTX_set_options(ctx, options);
++
 +#if OPENSSL_VERSION_NUMBER < 0x3000000fL
      SSL_CTX_set_tmp_dh_callback(ctx, tmp_dh_callback);
 +#else
@@ -58218,7 +58226,7 @@ index f4fe3432e7..62da9febb6 100644
      SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
      SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
      SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
-@@ -1081,6 +1091,7 @@ do_ssl_init(void)
+@@ -1081,6 +1097,7 @@ do_ssl_init(void)
      return 0;
  }
  
@@ -58226,7 +58234,7 @@ index f4fe3432e7..62da9febb6 100644
  static DH *
  tmp_dh_callback(SSL *ssl OVS_UNUSED, int is_export OVS_UNUSED, int keylength)
  {
-@@ -1112,6 +1123,7 @@ tmp_dh_callback(SSL *ssl OVS_UNUSED, int is_export OVS_UNUSED, int keylength)
+@@ -1112,6 +1129,7 @@ tmp_dh_callback(SSL *ssl OVS_UNUSED, int is_export OVS_UNUSED, int keylength)
                  keylength);
      return NULL;
  }
diff --git a/SPECS/openvswitch2.17.spec b/SPECS/openvswitch2.17.spec
index d005522..b64412e 100644
--- a/SPECS/openvswitch2.17.spec
+++ b/SPECS/openvswitch2.17.spec
@@ -63,7 +63,7 @@ Summary: Open vSwitch
 Group: System Environment/Daemons daemon/database/utilities
 URL: http://www.openvswitch.org/
 Version: 2.17.0
-Release: 100%{?dist}
+Release: 101%{?dist}
 
 # Nearly all of openvswitch is ASL 2.0.  The bugtool is LGPLv2+, and the
 # lib/sflow*.[ch] files are SISSL
@@ -749,6 +749,12 @@ exit 0
 %endif
 
 %changelog
+* Fri May 26 2023 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-101
+- Merging upstream branch-2.17 [RH git: 8a8882d1cb]
+    Commit list:
+    4937a53410 stream-ssl: Disable alerts on unexpected EOF.
+
+
 * Thu May 25 2023 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-100
 - Merging upstream branch-2.17 [RH git: 0e97bfc734]
     Commit list: