authorLinus Nordberg <linus@nordberg.se>2010-11-18 13:19:34 +0100
committerLinus Nordberg <linus@nordberg.se>2010-11-18 13:19:34 +0100
commitc77abedae883aaa4430b882baa86c365f82fc1cc (patch)
tree32066b297e56d7b7c6fc5775566611252b27f1db /tlscommon.c
parent2803b140a7a393fe974457725c53026101d999c6 (diff)
Don't disable ssl caching for 0.9.8p and later in the 0.9.x series of OpenSSL.
Follow up to RADSECPROXY-14.
Diffstat (limited to 'tlscommon.c')
-rw-r--r--tlscommon.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/tlscommon.c b/tlscommon.c
index b718ca2..d5a35bf 100644
--- a/tlscommon.c
+++ b/tlscommon.c
@@ -227,11 +227,13 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) {
debug(DBG_ERR, "tlscreatectx: Error initialising SSL/TLS in TLS context %s", conf->name);
return NULL;
}
-#if OPENSSL_VERSION_NUMBER < 0x1000002f
- debug(DBG_WARN, "%s: OpenSSL seems to be older than "
- "1.0.0b -- disabling OpenSSL session caching for context %p "
- "to avoid a TLS extension parsing race condition "
- "(http://openssl.org/news/secadv_20101116.txt).", __func__, ctx);
+#if OPENSSL_VERSION_NUMBER < 0x0090810f \
+ || (OPENSSL_VERSION_NUMBER >= 0x1000000f \
+ && OPENSSL_VERSION_NUMBER < 0x1000002f)
+ debug(DBG_WARN, "%s: OpenSSL seems to be of a version with a "
+ "certain security critical bug (fixed in OpenSSL 0.9.8p and "
+ "1.0.0b). Disabling OpenSSL session caching for context %p.",
+ __func__, ctx);
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
#endif
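Review bot: The second range in the new `#if` starts at `0x1000000f`, so 1.0.0 development and beta headers (0x10000000 through 0x1000000e) match neither clause and keep session caching enabled, where the old single `< 0x1000002f` test disabled it; unless those builds are known to be unaffected, start the range at `OPENSSL_VERSION_NUMBER >= 0x10000000`. The test is also evaluated against the headers at compile time, so a binary built with fixed headers but loaded against an older shared library skips the workaround; comparing the value returned by `SSLeay()` at run time would cover that case. The rewritten warning drops the advisory URL that the old message carried, which made the log line easier for an operator to act on. tlscreatectx begins and continues outside this hunk.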