Commit f0db61d2 authored by Linus Nordberg's avatar Linus Nordberg

Disable OpenSSL session caching if OpenSSL version < 1.0.0b.

(Closes RADSECPROXY-14.)
parent 7deb5182
......@@ -227,6 +227,13 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) {
debug(DBG_ERR, "tlscreatectx: Error initialising SSL/TLS in TLS context %s", conf->name);
return NULL;
}
#if OPENSSL_VERSION_NUMBER < 0x1000002f
debug(DBG_WARN, "%s: OpenSSL seems to be older than "
"1.0.0b -- disabling OpenSSL session caching for context %p "
"to avoid a TLS extension parsing race condition "
"(http://openssl.org/news/secadv_20101116.txt).", __func__, ctx);
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
#endif
if (conf->certkeypwd) {
SSL_CTX_set_default_passwd_cb_userdata(ctx, conf->certkeypwd);
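Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x1000002f` guard tests the headers the proxy was compiled against, not the libssl that is actually loaded. If libssl is linked dynamically, a binary built against 1.0.0b or later headers but run with an older shared library would keep session caching on and log no warning. A run-time test such as `if (SSLeay() < 0x1000002fL) {` around the warning and the `SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);` call, in place of or in addition to the preprocessor guard, would cover that case. A smaller point on the same `debug()` call: `%p` expects a `void *`, so the argument should be `(void *)ctx`. The body of tlscreatectx starts and ends outside this hunk, so whether anything later re-enables the cache mode cannot be seen from here.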