From 0af7f64094c65cba7ee45bd2679e6826bcf598cb Mon Sep 17 00:00:00 2001
From: Alberto Gonzalez Iniesta
Date: Wed, 16 Apr 2014 17:32:08 +0200
Subject: Imported Upstream version 2.3.3
---
 src/openvpn/ssl_openssl.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'src/openvpn/ssl_openssl.h')
diff --git a/src/openvpn/ssl_openssl.h b/src/openvpn/ssl_openssl.h
index fc2052c..73a6c49 100644
--- a/src/openvpn/ssl_openssl.h
+++ b/src/openvpn/ssl_openssl.h
@@ -32,6 +32,18 @@
 #include
+/**
+ * SSL_OP_NO_TICKET tells OpenSSL to disable "stateless session resumption",
+ * as this is something we do not want nor need, but could potentially be
+ * used for a future attack. For compatibility reasons, in the 2.3.x
+ * series, we keep building if the OpenSSL version is too old to support
+ * this. 2.4 requires it and will fail configure if not present.
+ */
+#ifndef SSL_OP_NO_TICKET
+# define SSL_OP_NO_TICKET 0
+#endif
+
+
 /**
  * Structure that wraps the TLS context. Contents differ depending on the
  * SSL library used.
-- 
cgit v1.2.3
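Review bot: The fallback `# define SSL_OP_NO_TICKET 0` turns the hardening into a silent no-op on OpenSSL headers that lack the macro, and the comment only says the build "keeps building", not that the option then has no effect. I would add a sentence to the comment block such as `* When defined to 0 here, OR-ing it into the SSL options changes nothing, so session tickets are not disabled by this flag.` so that anyone auditing a 2.3.x build against an old OpenSSL knows the protection is absent rather than assumed. Presumably an OpenSSL without this macro also lacks session-ticket support, in which case nothing is lost; if that is confirmed, the comment should say so. The place where the flag is actually applied is outside this file section, so the call site could not be checked here.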