From c77abedae883aaa4430b882baa86c365f82fc1cc Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Thu, 18 Nov 2010 13:19:34 +0100
Subject: Don't disable ssl caching for 0.9.8p and later in the 0.9.x series of OpenSSL.
Follow up to RADSECPROXY-14.
---
 tlscommon.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
(limited to 'tlscommon.c')
diff --git a/tlscommon.c b/tlscommon.c
index b718ca2..d5a35bf 100644
--- a/tlscommon.c
+++ b/tlscommon.c
@@ -227,11 +227,13 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) {
 debug(DBG_ERR, "tlscreatectx: Error initialising SSL/TLS in TLS context %s", conf->name);
 return NULL;
 }
-#if OPENSSL_VERSION_NUMBER < 0x1000002f
- debug(DBG_WARN, "%s: OpenSSL seems to be older than "
- "1.0.0b -- disabling OpenSSL session caching for context %p "
- "to avoid a TLS extension parsing race condition "
- "(http://openssl.org/news/secadv_20101116.txt).", __func__, ctx);
+#if OPENSSL_VERSION_NUMBER < 0x0090810f \
+ || (OPENSSL_VERSION_NUMBER >= 0x1000000f \
+ && OPENSSL_VERSION_NUMBER < 0x1000002f)
+ debug(DBG_WARN, "%s: OpenSSL seems to be of a version with a "
+ "certain security critical bug (fixed in OpenSSL 0.9.8p and "
+ "1.0.0b). Disabling OpenSSL session caching for context %p.",
+ __func__, ctx);
 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
 #endif
--
cgit v1.1
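Review bot: The new lower bound `OPENSSL_VERSION_NUMBER >= 0x1000000f` in the second range leaves 1.0.0 pre-release builds (status nibble below 0xf) outside both ranges, so session caching stays enabled for them even though the old single `< 0x1000002f` test covered them; writing the line as `|| (OPENSSL_VERSION_NUMBER >= 0x10000000 \` keeps the 0.9.8p carve-out while still covering those builds. The rewritten warning also drops the advisory reference the old message carried; appending `" (http://openssl.org/news/secadv_20101116.txt)."` to the new text lets an operator trace the log line back to the rationale. Note that this is a build-time test on the header's `OPENSSL_VERSION_NUMBER`, so it reflects the headers the binary was compiled against rather than the library loaded at runtime; if dynamically-linked deployments matter here, a runtime `SSLeay()` comparison would be needed in addition. tlscreatectx continues outside the hunk.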