authorAlberto Gonzalez Iniesta <agi@inittab.org>2014-04-16 17:32:08 +0200
committerAlberto Gonzalez Iniesta <agi@inittab.org>2014-04-16 17:32:08 +0200
commite5caec6bb07020a3e552fc78f679e0517c4569cf (patch)
tree7e6c612db8bf52fdde057f35b2b4a5559e86e61b /src/openvpn/ssl_openssl.h
parent72eb879255b983286b83678fd62228187fbedbb2 (diff)
parent0af7f64094c65cba7ee45bd2679e6826bcf598cb (diff)
Merge tag 'upstream/2.3.3'
Upstream version 2.3.3
Diffstat (limited to 'src/openvpn/ssl_openssl.h')
-rw-r--r--src/openvpn/ssl_openssl.h12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/openvpn/ssl_openssl.h b/src/openvpn/ssl_openssl.h
index fc2052c..73a6c49 100644
--- a/src/openvpn/ssl_openssl.h
+++ b/src/openvpn/ssl_openssl.h
@@ -33,6 +33,18 @@
#include <openssl/ssl.h>
/**
+ * SSL_OP_NO_TICKET tells OpenSSL to disable "stateless session resumption",
+ * as this is something we do not want nor need, but could potentially be
+ * used for a future attack. For compatibility reasons, in the 2.3.x
+ * series, we keep building if the OpenSSL version is too old to support
+ * this. 2.4 requires it and will fail configure if not present.
+ */
+#ifndef SSL_OP_NO_TICKET
+# define SSL_OP_NO_TICKET 0
+#endif
+
+
+/**
* Structure that wraps the TLS context. Contents differ depending on the
* SSL library used.
*/
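Review bot: The fallback `# define SSL_OP_NO_TICKET 0` turns the option into a silent no-op on old OpenSSL builds, and the comment above it does not say why that is acceptable. If, as seems likely, OpenSSL releases that lack the macro also lack session-ticket support, the comment should say so, e.g. `* Defining it to 0 is safe only because libraries without the macro do not implement session tickets.` If that assumption does not hold, a build against such a library would leave tickets enabled with nothing in the build or runtime output to show it. The fallback also has to stay below `#include <openssl/ssl.h>` so the real definition is seen first; the code that applies the option is outside this hunk.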