Hi,

On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote:
> However, even with the above code, stateless session resumption
> is still possible unless explicitly disabled with the
> SSL_OP_NO_TICKET flag. This patch does this.

This actually raises an interesting question. My OpenSolaris buildslave fails compilation with

gcc -DHAVE_CONFIG_H -I. -I../.. -I../../include -I../../src/compat -g -O2 -MT ssl_openssl.o -MD -MP -MF .deps/ssl_openssl.Tpo -c -o ssl_openssl.o ssl_openssl.c
ssl_openssl.c: In function `tls_ctx_set_options':
ssl_openssl.c:183: error: `SSL_OP_NO_TICKET' undeclared (first use in this function)
...

while "configure" doesn't flag an error about the OpenSSL version installed (0.9.8a-fips).

This is not ideal, if we know we're going to fail at compile time due to missing functionality, we should tell the user earlier.

Right now, if I read configure.ac correctly, we require 0.9.6 or later (and check this only if pkg-config is available) - but obviously, SSL_OP_NO_TICKET was added later on.

Fix 1: only use SSL_OP_NO_TICKET if available
Fix 2: require a more recent OpenSSL version

Crypto guys, send me patches :-)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de