From 3c1aec4831e9cff1b406fd61d45306221c81acae Mon Sep 17 00:00:00 2001
From: Michael Friedrich <michael.friedrich@netways.de>
Date: Mon, 6 Jul 2015 11:41:50 +0200
Subject: [PATCH] Require openssl1 on sles11sp3 from Security Module

There is a severe problem with SSL certificate verification
described in #9549 which renders client communication
unusable. The OpenSSL 0.9.8j version in SLES11 is buggy
and does not allow to verify clients on the master,
nor does a manual openssl verification work.

We'll therefore switch to the openssl1 package provided
by the SLES 11 Security Module and link against their
working API in order to resolve the problem in clusters
and client setups.

fixes #9549
---
 INSTALL.md               |  3 ++-
 doc/2-getting-started.md | 13 ++++++++-----
 icinga2.spec             |  5 +++--
 3 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/INSTALL.md b/INSTALL.md
index f13556e66..bab773ad4 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -21,7 +21,8 @@ parentheses):
 * cmake
 * GNU make (make)
 * C++ compiler (gcc-c++ >= 4.7 on RHEL/SUSE, build-essential on Debian, alternatively clang++)
-* OpenSSL library and header files (openssl-devel on RHEL, libssl-dev on Debian)
+* OpenSSL library and header files >= 0.9.8 (openssl-devel on RHEL, libopenssl1-devel on SLES11,
+libopenssl-devel on SLES11, libssl-dev on Debian)
 * Boost library and header files (boost-devel on RHEL, libboost-all-dev on Debian)
 * GNU bison (bison)
 * GNU flex (flex) >= 2.5.35
diff --git a/doc/2-getting-started.md b/doc/2-getting-started.md
index 2ec661b1b..ffdedef37 100644
--- a/doc/2-getting-started.md
+++ b/doc/2-getting-started.md
@@ -46,6 +46,11 @@ RHEL/CentOS:
     # curl -o /etc/yum.repos.d/ICINGA-release.repo http://packages.icinga.org/epel/ICINGA-release.repo
     # yum makecache
 
+The packages for RHEL/CentOS depend on other packages which are distributed
+as part of the [EPEL repository](http://fedoraproject.org/wiki/EPEL). Please
+make sure to enable this repository by following
+[these instructions](http://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F).
+
 Fedora:
 
     # rpm --import http://packages.icinga.org/icinga.key
@@ -57,6 +62,9 @@ SLES 11:
     # zypper ar http://packages.icinga.org/SUSE/ICINGA-release-11.repo
     # zypper ref
 
+The packages for SLES 11 depend on the `openssl1` package which is distributed
+as part of the [SLES 11 Security Module](https://www.suse.com/communities/conversations/introducing-the-suse-linux-enterprise-11-security-module/).
+
 SLES 12:
 
     # zypper ar http://packages.icinga.org/SUSE/ICINGA-release.repo
@@ -67,11 +75,6 @@ openSUSE:
     # zypper ar http://packages.icinga.org/openSUSE/ICINGA-release.repo
     # zypper ref
 
-The packages for RHEL/CentOS depend on other packages which are distributed
-as part of the [EPEL repository](http://fedoraproject.org/wiki/EPEL). Please
-make sure to enable this repository by following
-[these instructions](http://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F).
-
 ### <a id="installing-icinga2"></a> Installing Icinga 2
 
 You can install Icinga 2 by using your distribution's package manager
diff --git a/icinga2.spec b/icinga2.spec
index d378500ae..b996138e8 100644
--- a/icinga2.spec
+++ b/icinga2.spec
@@ -92,13 +92,14 @@ BuildRequires: libyajl-devel
 %endif
 BuildRequires: libedit-devel
 BuildRequires: ncurses-devel
-BuildRequires: openssl-devel
-%if "%{_vendor}" == "suse" && 0%{?suse_version} < 1310
+%if "%{_vendor}" == "suse" && 0%{?suse_version} < 1210
 BuildRequires: gcc47-c++
 BuildRequires: libstdc++47-devel
+BuildRequires: libopenssl1-devel
 %else
 BuildRequires: gcc-c++
 BuildRequires: libstdc++-devel
+BuildRequires: openssl-devel
 %endif
 BuildRequires: cmake
 BuildRequires: flex >= 2.5.35