Hi, On 11-07-14 20:17, Jan Just Keijser wrote: > on CentOS 5 I get > > checking for SSL_OP_NO_TICKET flag in OpenSSL... no > configure: error: OpenVPN 2.4+ requires SSL_OP_NO_TICKET in OpenSSL > > which is logical as the "stock" openssl lib on CentOS 5 is openssl 0.9.8 > ; to me, this breaks CentOS 5 builds, as I have no option nor desire to > build & install openssl 1.0 on them.
Hmm, I actually checked that 0.9.8 (the minimum version supported by 2.4) has SSL_OP_NO_TICKET. From the OpenSSL changelog: "Changes between 0.9.8e and 0.9.8f [11 Oct 2007] [...] If a client or server wishes to disable RFC4507 support then the option SSL_OP_NO_TICKET can be set." I expected distributions had incorporated that by now. Not sure whether to add extra code here, or just declare it ancient and let distros/users either backport newer OpenSSL or use 2.3. -Steffan
