author | Linus Nordberg <linus@nordberg.se> | 2010-11-18 13:19:34 +0100 |
---|---|---|
committer | Linus Nordberg <linus@nordberg.se> | 2010-11-18 13:19:34 +0100 |
commit | c77abedae883aaa4430b882baa86c365f82fc1cc (patch) | |
tree | 32066b297e56d7b7c6fc5775566611252b27f1db | |
parent | 2803b140a7a393fe974457725c53026101d999c6 (diff) |
Don't disable ssl caching for 0.9.8p and later in the 0.9.x series of OpenSSL.
Follow up to RADSECPROXY-14.
-rw-r--r-- | tlscommon.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/tlscommon.c b/tlscommon.c
index b718ca2..d5a35bf 100644
--- a/tlscommon.c
+++ b/tlscommon.c
@@ -227,11 +227,13 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) {
 debug(DBG_ERR, "tlscreatectx: Error initialising SSL/TLS in TLS context %s", conf->name);
 return NULL;
 }
-#if OPENSSL_VERSION_NUMBER < 0x1000002f
- debug(DBG_WARN, "%s: OpenSSL seems to be older than "
- "1.0.0b -- disabling OpenSSL session caching for context %p "
- "to avoid a TLS extension parsing race condition "
- "(http://openssl.org/news/secadv_20101116.txt).", __func__, ctx);
+#if OPENSSL_VERSION_NUMBER < 0x0090810f \
+ || (OPENSSL_VERSION_NUMBER >= 0x1000000f \
+ && OPENSSL_VERSION_NUMBER < 0x1000002f)
+ debug(DBG_WARN, "%s: OpenSSL seems to be of a version with a "
+ "certain security critical bug (fixed in OpenSSL 0.9.8p and "
+ "1.0.0b). Disabling OpenSSL session caching for context %p.",
+ __func__, ctx);
 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
 #endif |
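Review bot: The `#if` on `OPENSSL_VERSION_NUMBER` tests the headers used at build time, not the library loaded at run time, so a dynamically linked binary built against 0.9.8p or 1.0.0b headers would keep session caching on even when it runs with an older, affected libssl. A run-time test next to it would close that gap, e.g. `if (SSLeay() < 0x0090810fL || (SSLeay() >= 0x1000000fL && SSLeay() < 0x1000002fL)) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);`. The new range also leaves 1.0.0 pre-release values (`0x10000000` up to but excluding `0x1000000f`) outside the guard; whether those builds carry the bug is not visible here, but starting the second range at `0x10000000` would be the conservative choice. The reworded warning drops the advisory URL that the old message carried, which makes the log line harder for an operator to act on. The body of `tlscreatectx` starts before and continues after this hunk.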