authorLinus Nordberg <linus@nordberg.se>2010-11-17 19:07:50 +0100
committerLinus Nordberg <linus@nordberg.se>2010-11-17 19:07:50 +0100
commitf0db61d2550918d8e59035546dcf15178d98ee46 (patch)
tree13e00c0182ebaf51db3cf2680e29401c5be6c8ef /tlscommon.c
parent7deb5182d520ffeff4a8f61b99edac5c0e6a74c6 (diff)
Disable OpenSSL session caching if OpenSSL version < 1.0.0b.
(Closes RADSECPROXY-14.)
Diffstat (limited to 'tlscommon.c')
-rw-r--r--tlscommon.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/tlscommon.c b/tlscommon.c
index 6d36ebb..b718ca2 100644
--- a/tlscommon.c
+++ b/tlscommon.c
@@ -227,6 +227,13 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) {
debug(DBG_ERR, "tlscreatectx: Error initialising SSL/TLS in TLS context %s", conf->name);
return NULL;
}
+#if OPENSSL_VERSION_NUMBER < 0x1000002f
+ debug(DBG_WARN, "%s: OpenSSL seems to be older than "
+ "1.0.0b -- disabling OpenSSL session caching for context %p "
+ "to avoid a TLS extension parsing race condition "
+ "(http://openssl.org/news/secadv_20101116.txt).", __func__, ctx);
+ SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+#endif
if (conf->certkeypwd) {
SSL_CTX_set_default_passwd_cb_userdata(ctx, conf->certkeypwd);