Additional SSL cleanup.

.bzrignore

@@ -1,21 +1,48 @@
-!configure.ac
+*.la
+*.lo
+*.log
 *.patch
+*.trs
 *dirstamp
 .deps
 .gdb_history
 .libs
 Makefile
 Makefile.in
+TAGS
 aclocal.m4
 aminclude.am
 autom4te.cache
+benchmark/blobslap_client
+benchmark/blobslap_worker
+bin/gearadmin
+bin/gearman
 build-aux
+cmd*xml
 config*
 docs/conf.py
+docs/libgearman/examples/gearman_client_do_background_example
+docs/libgearman/examples/gearman_client_do_example
+docs/libgearman/examples/gearman_execute_example
+docs/libgearman/examples/gearman_execute_partition
+examples/echo_client
+examples/echo_worker
+examples/reverse_client
+examples/reverse_client_bg
+examples/reverse_client_cb
+examples/reverse_client_epoch
+examples/reverse_worker
+examples/wc_worker
 gdb.txt
 gear_config.h
 gear_config.in
+gearmand/gearmand
+gearmand/hostile_gearmand
+libgearman-1.0/t/c_test
+libgearman-1.0/t/cc_test
 libgearman-1.0/version.h
+libgearman/command.hpp
+libgearman/error_code.hpp
 libgearman/gearman_client.lo
 libgearman/gearman_worker.lo
 libgearman/io.lo
@@ -27,7 +54,19 @@ libgearman/quit.lo
 libgearman/server.lo
 libgearman/stamp-h1
 libhashkit/hashkitcon.h
+libhostile/t/accept
+libhostile/t/close
+libhostile/t/hostile_accept
+libhostile/t/hostile_close
+libhostile/t/hostile_pipe
+libhostile/t/hostile_pipe2
+libhostile/t/pipe
+libhostile/t/pipe2
+libtest/abort
+libtest/backtrace
+libtest/core-count
 libtest/version.h
+libtest/wait
 libtest/yatlcon.h
 libtool
 m4/libtool.m4
@@ -35,6 +74,10 @@ m4/ltoptions.m4
 m4/ltsugar.m4
 m4/ltversion.m4
 m4/lt~obsolete.m4
+man/*.1
+man/*.3
+man/*.8
+man/.doctrees/
 patch
 scripts/gearmand
 scripts/gearmand-init
@@ -43,58 +86,6 @@ scripts/smf_install.sh
 stamp-h1
 support/gearmand.pc
 support/gearmand.spec
-tests/client_test
-tests/worker_test
-valgrind*xml
-cmd*xml
-*.log
-*.trs
-*.lo
-*.la
-man/*.1
-man/*.3
-man/*.8
-man/.doctrees/
-gearmand/gearmand
-gearmand/hostile_gearmand
-libhostile/t/accept
-libhostile/t/close
-libhostile/t/hostile_accept
-libhostile/t/hostile_close
-libhostile/t/hostile_pipe
-libhostile/t/hostile_pipe2
-libhostile/t/pipe
-libhostile/t/pipe2
-libtest/abort
-libtest/backtrace
-libtest/core-count
-libtest/wait
-tests/libgearman-1.0/1077917
-tests/libgearman-1.0/client_test
-tests/libgearman-1.0/internals_test
-tests/libgearman-1.0/multi_client_test
-tests/libgearman-1.0/worker_test
-benchmark/blobslap_client
-benchmark/blobslap_worker
-bin/gearadmin
-bin/gearman
-docs/libgearman/examples/gearman_client_do_background_example
-docs/libgearman/examples/gearman_client_do_example
-docs/libgearman/examples/gearman_execute_example
-docs/libgearman/examples/gearman_execute_partition
-examples/echo_client
-examples/echo_worker
-examples/reverse_client
-examples/reverse_client_bg
-examples/reverse_client_cb
-examples/reverse_client_epoch
-examples/reverse_worker
-examples/wc_worker
-tmp_chroot
-tests/protocol
-libgearman/command.hpp
-libgearman/error_code.hpp
-TAGS
 t/1077917
 t/blobslap_client
 t/c
@@ -125,3 +116,13 @@ t/tokyocabinet
 t/unittest
 t/vector
 t/worker
+tests/client_test
+tests/libgearman-1.0/1077917
+tests/libgearman-1.0/client_test
+tests/libgearman-1.0/internals_test
+tests/libgearman-1.0/multi_client_test
+tests/libgearman-1.0/worker_test
+tests/protocol
+tests/worker_test
+tmp_chroot
+valgrind*xml

bin/include.am

@@ -28,7 +28,17 @@ bin_gearadmin_CXXFLAGS= @BOOST_CPPFLAGS@
 bin_gearadmin_LDFLAGS= $(BOOST_PROGRAM_OPTIONS_LDFLAGS)
 bin_gearadmin_LDADD=
 bin_gearadmin_LDADD+= $(BOOST_PROGRAM_OPTIONS_LIBS)
+if ENABLE_SSL
+if ENABLE_CYASSL
 bin_gearadmin_LDADD+= @CYASSL_LIB@
+bin_gearadmin_LDFLAGS+= @CYASSL_LDFLAGS@
+else
+if ENABLE_OPENSSL
+bin_gearadmin_LDADD+= @OPENSSL_LIBS@
+bin_gearadmin_LDFLAGS+= @OPENSSL_LDFLAGS@
+endif
+endif
+endif
 
 bin_gearman_SOURCES=
 bin_gearman_SOURCES+= bin/arguments.cc

configure.ac

@@ -229,7 +229,16 @@ AC_CHECK_LIB([rt],[clock_gettime],
 # Check for -lm
 LT_LIB_M
 
+# Check for OPENSSL
+AX_CHECK_OPENSSL([have_openssl=yes
+                  AC_DEFINE([HAVE_OPENSSL],[1],[Enable openssl Support])],
+                  [have_openssl=no]) 
+AM_CONDITIONAL([ENABLE_OPENSSL],[test "x${have_openssl}" = "xyes"])
+
 # Check for CyaSSL
+AX_CHECK_CYASSL([have_cyassl=yes],[have_cyassl=no]) 
+AM_CONDITIONAL([ENABLE_CYASSL],[test "x${have_cyassl}" = "xyes"])
+
 AC_DEFUN([AX_ENABLE_SSL],
          [AC_PREREQ([2.63])dnl
          m4_define([_SSL_ENABLE_DEFAULT], [m4_if($1, no, no, no)])dnl
@@ -243,10 +252,17 @@ AC_DEFUN([AX_ENABLE_SSL],
                                         ],
                                         [enable_ssl=]_SSL_ENABLE_DEFAULT)
          AS_IF([test "x${enable_ssl}" = "xyes"],
-               [AX_CHECK_LIBRARY([CYASSL],[cyassl/ssl.h],[cyassl],[],
-                                 [AC_MSG_ERROR([Unable to find cyassl])
-                                 enable_ssl=no])])
+               [AS_IF([test "x${have_cyassl}" = "xyes"],
+                      [AC_DEFINE([HAVE_SSL],[1],[Enable SSL Support])
+                        AC_DEFINE([HAVE_OPENSSL],[0],[Enable OPENSSL Support])
+                      ],
+                      [test "x${have_openssl}" = "xyes"],
+                      [AC_DEFINE([HAVE_SSL],[1],[Enable SSL Support])],
+                      [enable_ssl=no])
+               ])
+         AM_CONDITIONAL([ENABLE_SSL],[test "x${enable_ssl}" = "xyes"])
          ])
+
 AX_ENABLE_SSL
 
 AX_ENABLE_LIBMEMCACHED
@@ -312,6 +328,8 @@ echo "   * Building with libpq        $ac_cv_libpq"
 echo "   * Building with tokyocabinet $ac_enable_libtokyocabinet"
 echo "   * Building with libmysql     $found_mysql"
 echo "   * SSL enabled:               $enable_ssl"
+echo "   * cyassl found:              $have_cyassl"
+echo "   * openssl found:             $have_openssl"
 echo "   * make -j:                   $enable_jobserver"
 echo "   * VCS checkout:              $ac_cv_vcs_checkout"
 echo ""

libgearman-server/connection.cc

@@ -208,14 +208,14 @@ void gearman_server_con_free(gearman_server_con_st *con)
   con->_port= NULL;
 
   // Correct location?
-#if defined(HAVE_CYASSL) && HAVE_CYASSL
+#if defined(HAVE_SSL) && HAVE_SSL
   if (con->_ssl)
   {
-    CyaSSL_shutdown(con->_ssl);
-    CyaSSL_free(con->_ssl);
+    SSL_shutdown(con->_ssl);
+    SSL_free(con->_ssl);
     con->_ssl= NULL;
   }
-#endif
+#endif // defined(HAVE_SSL)
 
 
   gearman_server_con_delete_timeout(con);

libgearman-server/include.am

@@ -95,4 +95,14 @@ libgearman_server_libgearman_server_la_LIBADD+= $(BOOST_PROGRAM_OPTIONS_LIBS)
 libgearman_server_libgearman_server_la_LIBADD+= @LIBM@
 libgearman_server_libgearman_server_la_LIBADD+= @DL_LIB@
 libgearman_server_libgearman_server_la_LIBADD+= @RT_LIB@
+if ENABLE_SSL
+if ENABLE_CYASSL
 libgearman_server_libgearman_server_la_LIBADD+= @CYASSL_LIB@
+libgearman_server_libgearman_server_la_LDFLAGS+= @CYASSL_LDFLAGS@
+else
+if ENABLE_OPENSSL
+libgearman_server_libgearman_server_la_LIBADD+= @OPENSSL_LIBS@
+libgearman_server_libgearman_server_la_LDFLAGS+= @OPENSSL_LDFLAGS@
+endif
+endif
+endif

libgearman-server/io.cc

@@ -120,15 +120,21 @@ static size_t _connection_read(gearman_server_con_st *con, void *data, size_t da
 
   while (1)
   {
-#if defined(HAVE_CYASSL) && HAVE_CYASSL
+#if defined(HAVE_SSL) && HAVE_SSL
     if (con->_ssl)
     {
       int ssl_errno;
+# if defined(HAVE_CYASSL) && HAVE_CYASSL
       read_size= CyaSSL_recv(con->_ssl, data, int(data_size), MSG_DONTWAIT);
+# else
+      read_size= SSL_read(con->_ssl, data, int(data_size));
+# endif
       ssl_errno= errno;
-      if (read_size <= 0)
+      if (read_size == 0)
+      { } // Socket has been closed
+      else if (read_size < 0)
       {
-        int sendErr= CyaSSL_get_error(con->_ssl, int(read_size));
+        int sendErr= SSL_get_error(con->_ssl, int(read_size));
         switch (sendErr)
         {
           case SSL_ERROR_ZERO_RETURN:
@@ -138,15 +144,14 @@ static size_t _connection_read(gearman_server_con_st *con, void *data, size_t da
             }
           case SSL_ERROR_WANT_READ:
             {
-              read_size= -1;
+              read_size= SOCKET_ERROR;
               errno= EAGAIN;
               break;
             }
           case SSL_ERROR_SYSCALL:
             { // All other errors
-              char errorString[80];
-              int err= CyaSSL_get_error(con->_ssl, 0);
-              CyaSSL_ERR_error_string(err, errorString);
+              char errorString[SSL_ERROR_SIZE];
+              ERR_error_string_n(sendErr, errorString, sizeof(errorString));
               _connection_close(connection);
               gearmand_log_perror(GEARMAN_DEFAULT_LOG_PARAM, ssl_errno, "SSL failure(%s)", errorString);
 
@@ -154,9 +159,8 @@ static size_t _connection_read(gearman_server_con_st *con, void *data, size_t da
             }
           default:
             { // All other errors
-              char errorString[80];
-              int err= CyaSSL_get_error(con->_ssl, 0);
-              CyaSSL_ERR_error_string(err, errorString);
+              char errorString[SSL_ERROR_SIZE];
+              ERR_error_string_n(sendErr, errorString, sizeof(errorString));
               _connection_close(connection);
               gearmand_log_warning(GEARMAN_DEFAULT_LOG_PARAM, "SSL failure(%s) errno:%d", errorString, ssl_errno);
 
@@ -178,7 +182,7 @@ static size_t _connection_read(gearman_server_con_st *con, void *data, size_t da
       _connection_close(connection);
       return 0;
     }
-    else if (read_size == -1)
+    else if (read_size == SOCKET_ERROR)
     {
       int local_errno= errno;
       switch (local_errno)
@@ -294,33 +298,37 @@ static gearmand_error_t _connection_flush(gearman_server_con_st *con)
       while (connection->send_buffer_size)
       {
         ssize_t write_size;
-#if defined(HAVE_CYASSL) && HAVE_CYASSL
+#if defined(HAVE_SSL) && HAVE_SSL
         if (con->_ssl)
         {
+#if defined(HAVE_CYASSL) && HAVE_CYASSL
           write_size= CyaSSL_send(con->_ssl, connection->send_buffer_ptr, int(connection->send_buffer_size), MSG_NOSIGNAL|MSG_DONTWAIT);
+#elif defined(HAVE_OPENSSL) && HAVE_OPENSSL
+          write_size= SSL_write(con->_ssl, connection->send_buffer_ptr, int(connection->send_buffer_size));
+#endif
 
-          // I consider this to be a bug in CyaSSL_send() that is uses a zero in this manner
+          // I consider this to be a bug in SSL_send()/SSL_write() that is uses a zero in this manner
           if (write_size <= 0)
           {
             int err;
-            switch ((err= CyaSSL_get_error(con->_ssl, int(write_size))))
+            switch ((err= SSL_get_error(con->_ssl, int(write_size))))
             {
               case SSL_ERROR_WANT_CONNECT:
               case SSL_ERROR_WANT_ACCEPT:
-                write_size= -1;
+                write_size= SOCKET_ERROR;
                 errno= EAGAIN;
                 break;
 
               case SSL_ERROR_WANT_WRITE:
               case SSL_ERROR_WANT_READ:
-                write_size= -1;
+                write_size= SOCKET_ERROR;
                 errno= EAGAIN;
                 break;
 
               default:
                 {
-                  char errorString[80];
-                  CyaSSL_ERR_error_string(err, errorString);
+                  char errorString[SSL_ERROR_SIZE];
+                  ERR_error_string_n(err, errorString, sizeof(errorString));
                   _connection_close(connection);
                   return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_LOST_CONNECTION, "SSL failure(%s)",
                                              errorString);

libgearman-server/job.cc

@@ -344,13 +344,12 @@ gearmand_error_t gearman_server_job_queue(gearman_server_job_st *job)
     job->retries++;
     if (Server->job_retries != 0 && Server->job_retries == job->retries)
     {
-      gearmand_log_error(GEARMAN_DEFAULT_LOG_PARAM,
-                         "Dropped job due to max retry count: %s %.*s",
-                         job->job_handle,
-                         (int)job->unique_length, job->unique);
+      gearmand_log_notice(GEARMAN_DEFAULT_LOG_PARAM,
+                          "Dropped job due to max retry count: %s %.*s",
+                          job->job_handle,
+                          (int)job->unique_length, job->unique);
 
-      gearman_server_client_st *client;
-      for (client= job->client_list; client != NULL; client= client->job_next)
+      for (gearman_server_client_st* client= job->client_list; client != NULL; client= client->job_next)
       {
         gearmand_error_t ret= gearman_server_io_packet_add(client->con, false,
                                                            GEARMAN_MAGIC_RESPONSE,
@@ -360,7 +359,7 @@ gearmand_error_t gearman_server_job_queue(gearman_server_job_st *job)
                                                            NULL);
         if (gearmand_failed(ret))
         {
-          return ret;
+          gearmand_log_gerror_warn(GEARMAN_DEFAULT_LOG_PARAM, ret, "Failed to send WORK_FAIL packet to %s:%s", client->con->host(), client->con->port());
         }
       }
 

libgearman-server/plugins/protocol/gear/protocol.cc

@@ -52,9 +52,7 @@
 #include <cstdio>
 #include <cstdlib>
 
-#if defined(HAVE_CYASSL) && HAVE_CYASSL
-# include <cyassl/ssl.h>
-#endif
+#include "libgearman/ssl.h"
 
 #include <libgearman-server/plugins/protocol/gear/protocol.h>
 #include "libgearman/command.h"
@@ -343,11 +341,11 @@ static Geartext gear_context;
 
 static gearmand_error_t _gear_con_remove(gearman_server_con_st* connection)
 {
-#if defined(HAVE_CYASSL) && HAVE_CYASSL
+#if defined(HAVE_SSL) && HAVE_SSL
   if (connection->_ssl)
   {
-    CyaSSL_shutdown(connection->_ssl);
-    CyaSSL_free(connection->_ssl);
+    SSL_shutdown(connection->_ssl);
+    SSL_free(connection->_ssl);
     connection->_ssl= NULL;
   }
 #else
@@ -358,27 +356,32 @@ static gearmand_error_t _gear_con_remove(gearman_server_con_st* connection)
 
 static gearmand_error_t _gear_con_add(gearman_server_con_st *connection)
 {
-#if defined(HAVE_CYASSL) && HAVE_CYASSL
+#if defined(HAVE_SSL) && HAVE_SSL
   if (Gearmand()->ctx_ssl())
   {
-    if ((connection->_ssl= CyaSSL_new(Gearmand()->ctx_ssl())) == NULL)
+    if ((connection->_ssl= SSL_new(Gearmand()->ctx_ssl())) == NULL)
     {
-      return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_MEMORY_ALLOCATION_FAILURE, "CyaSSL_new() failed to return a valid object");
+      return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_MEMORY_ALLOCATION_FAILURE, "SSL_new() failed to return a valid object");
     }
 
-    CyaSSL_set_fd(connection->_ssl, connection->con.fd());
+    SSL_set_fd(connection->_ssl, connection->con.fd());
 
-    if (CyaSSL_accept(connection->_ssl) != SSL_SUCCESS)
+    while (SSL_accept(connection->_ssl) != SSL_SUCCESS)
     {
-      if (CyaSSL_get_error(connection->_ssl, 0) != SSL_ERROR_WANT_READ)
+      int cyassl_error= SSL_get_error(connection->_ssl, 0);
+      switch (cyassl_error)
       {
-        int cyassl_error= CyaSSL_get_error(connection->_ssl, 0);
-        char cyassl_error_buffer[1024]= { 0 };
-        CyaSSL_ERR_error_string(cyassl_error, cyassl_error_buffer);
-        return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_LOST_CONNECTION, "%s:%s %s(%d)", 
-                                   connection->host(),
-                                   connection->port(),
-                                   cyassl_error_buffer, cyassl_error);
+        case SSL_ERROR_WANT_READ:
+        case SSL_ERROR_WANT_WRITE:
+          continue;
+
+        default:
+          char cyassl_error_buffer[SSL_ERROR_SIZE]= { 0 };
+          ERR_error_string_n(cyassl_error, cyassl_error_buffer, sizeof(cyassl_error_buffer));
+          return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_LOST_CONNECTION, "%s:%s %s(%d)", 
+                                     connection->host(),
+                                     connection->port(),
+                                     cyassl_error_buffer, cyassl_error);
       }
     }
     gearmand_log_debug(GEARMAN_DEFAULT_LOG_PARAM, "GearSSL connection made: %s:%s", connection->host(), connection->port());
@@ -455,26 +458,26 @@ gearmand_error_t Gear::start(gearmand_st *gearmand)
 
   gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "Initializing Gear on port %s with SSL: %s", _port.c_str(), opt_ssl ? "true" : "false");
 
-#if defined(HAVE_CYASSL) && HAVE_CYASSL
+#if defined(HAVE_SSL) && HAVE_SSL
   if (opt_ssl)
   {
     gearmand->init_ssl();
 
-    if (CyaSSL_CTX_load_verify_locations(gearmand->ctx_ssl(), _ssl_ca_file.c_str(), 0) != SSL_SUCCESS)
+    if (SSL_CTX_load_verify_locations(gearmand->ctx_ssl(), _ssl_ca_file.c_str(), 0) != SSL_SUCCESS)
     {
-      gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_load_verify_locations() cannot local the ca certificate %s", _ssl_ca_file.c_str());
+      gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "SSL_CTX_load_verify_locations() cannot local the ca certificate %s", _ssl_ca_file.c_str());
     }
     gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "Loading CA certificate : %s", _ssl_ca_file.c_str());
 
-    if (CyaSSL_CTX_use_certificate_file(gearmand->ctx_ssl(), _ssl_certificate.c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS)
+    if (SSL_CTX_use_certificate_file(gearmand->ctx_ssl(), _ssl_certificate.c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS)
     {   
-      gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_use_certificate_file() cannot obtain certificate %s", _ssl_certificate.c_str());
+      gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "SSL_CTX_use_certificate_file() cannot obtain certificate %s", _ssl_certificate.c_str());
     }
     gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "Loading certificate : %s", _ssl_certificate.c_str());
 
-    if (CyaSSL_CTX_use_PrivateKey_file(gearmand->ctx_ssl(), _ssl_key.c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS)
+    if (SSL_CTX_use_PrivateKey_file(gearmand->ctx_ssl(), _ssl_key.c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS)
     {   
-      gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_use_PrivateKey_file() cannot obtain certificate %s", _ssl_key.c_str());
+      gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "SSL_CTX_use_PrivateKey_file() cannot obtain certificate %s", _ssl_key.c_str());
     }
     gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "Loading certificate key : %s", _ssl_key.c_str());
 

libgearman-server/struct/gearmand.h

@@ -38,9 +38,7 @@
 #pragma once
 
 #include "libgearman-server/struct/server.h"
-#if defined(HAVE_CYASSL) && HAVE_CYASSL
-# include <cyassl/ssl.h>
-#endif
+#include "libgearman/ssl.h"
 
 #include "libgearman-server/struct/port.h"
 
@@ -137,7 +135,7 @@ struct gearmand_st
   struct event wakeup_event;
   std::vector<gearmand_port_st> _port_list;
   private:
-  struct CYASSL_CTX* _ctx_ssl;
+  SSL_CTX* _ctx_ssl;
   public:
 
   gearmand_st(const char *host_,
@@ -175,13 +173,15 @@ struct gearmand_st
 
   void init_ssl()
   {
-#if defined(HAVE_CYASSL) && HAVE_CYASSL
-    CyaSSL_Init();
-    _ctx_ssl= CyaSSL_CTX_new(CyaSSLv23_server_method());
+#if defined(HAVE_SSL) && HAVE_SSL
+    SSL_load_error_strings();
+    SSL_library_init();
+
+    _ctx_ssl= SSL_CTX_new(SSLv23_server_method());
 #endif
   }
 
-  struct CYASSL_CTX* ctx_ssl()
+  SSL_CTX* ctx_ssl()
   {
     return _ctx_ssl;
   }
@@ -193,8 +193,8 @@ struct gearmand_st
       free(host);
     }
 
-#if defined(HAVE_CYASSL) && HAVE_CYASSL
-    CyaSSL_CTX_free(_ctx_ssl);
+#if defined(HAVE_SSL) && HAVE_SSL
+    SSL_CTX_free(_ctx_ssl);
 #endif
   }
 

libgearman-server/struct/io.h

@@ -39,9 +39,7 @@
 
 #include "libgearman-server/plugins/base.h"
 
-#if defined(HAVE_CYASSL) && HAVE_CYASSL
-# include <cyassl/ssl.h>
-#endif
+#include "libgearman/ssl.h"
 
 struct gearmand_io_st
 {
@@ -176,7 +174,7 @@ struct gearman_server_con_st
   char id[GEARMAND_SERVER_CON_ID_SIZE];
   gearmand::protocol::Context* protocol;
   struct event *timeout_event;
-  struct CYASSL* _ssl;
+  SSL* _ssl;
 
   gearman_server_con_st()
   {