author | Steffan Karger <steffan@karger.me> | 2014-07-13 11:26:32 +0200 |
---|---|---|
committer | Gert Doering <gert@greenie.muc.de> | 2014-07-13 13:41:37 +0200 |
commit | 97bd862ed5c22956cb4405eabae64cf55cabb0d3 (patch) | |
tree | 06347d8e6a5a474fae73a899b6a04d12c5854337 /src | |
parent | d860ee4a4c2cac03a872f07a9e629b56f3158b8b (diff) | |
download | openvpn-97bd862ed5c22956cb4405eabae64cf55cabb0d3.tar.gz openvpn-97bd862ed5c22956cb4405eabae64cf55cabb0d3.tar.xz openvpn-97bd862ed5c22956cb4405eabae64cf55cabb0d3.zip |
Define dummy SSL_OP_NO_TICKET flag if not present in OpenSSL.
This restores support for pre-0.9.8f OpenSSL versions, which do not include
stateless session resumption, and the accompanying SSL_OP_NO_TICKET flag.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <53C251E2.7050605@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8902
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src')
-rw-r--r-- | src/openvpn/ssl_openssl.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/openvpn/ssl_openssl.h b/src/openvpn/ssl_openssl.h index fc2052c..97dc742 100644 --- a/src/openvpn/ssl_openssl.h +++ b/src/openvpn/ssl_openssl.h @@ -33,6 +33,17 @@ #include <openssl/ssl.h> /** + * SSL_OP_NO_TICKET tells OpenSSL to disable "stateless session resumption", + * as this is something we do not want nor need, but could potentially be + * used for a future attack. For compatibility reasons we keep building if the + * OpenSSL version is too old (pre-0.9.8f) to support stateless session + * resumption (and the accompanying SSL_OP_NO_TICKET flag). + */ +#ifndef SSL_OP_NO_TICKET +# define SSL_OP_NO_TICKET 0 +#endif + +/** * Structure that wraps the TLS context. Contents differ depending on the * SSL library used. */ |
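Review bot: In the new `#ifndef SSL_OP_NO_TICKET` block, the fallback value 0 turns the flag into a silent no-op wherever it is ORed into an options mask, and the comment above the define does not say so. That is only safe under the assumption the comment itself states, namely that a header without the macro belongs to a pre-0.9.8f OpenSSL that has no stateless session resumption to disable. I would spell that out next to the define (for example "defined as 0: these versions have no tickets to turn off"), so that nobody reading the call site assumes the hardening is active on every build. Minor wording point in the same comment: "do not want nor need" reads better as "neither want nor need".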