LIBS="${saved_LIBS}"
fi
-if test "${enable_ssl}" = "yes" && test "${with_crypto_library}" = "openssl";
-then
- saved_CPPFLAGS="${CPPFLAGS}"
- CPPFLAGS="${CPPFLAGS} ${OPENSSL_CRYPTO_CFLAGS}"
- AC_MSG_CHECKING([for SSL_OP_NO_TICKET flag in OpenSSL])
- AC_EGREP_CPP(have_ssl_op_no_ticket, [
- #include <openssl/ssl.h>
- #ifdef SSL_OP_NO_TICKET
- have_ssl_op_no_ticket
- #endif
- ], [
- AC_MSG_RESULT([yes])
- ], [
- AC_MSG_RESULT([no])
- AC_ERROR([OpenVPN 2.4+ requires SSL_OP_NO_TICKET in OpenSSL])
- ])
- CPPFLAGS="${saved_CPPFLAGS}"
-fi
-
AC_ARG_VAR([POLARSSL_CFLAGS], [C compiler flags for polarssl])
AC_ARG_VAR([POLARSSL_LIBS], [linker flags for polarssl])
have_polarssl_ssl="yes"
#include <openssl/ssl.h>
+/**
+ * SSL_OP_NO_TICKET tells OpenSSL to disable "stateless session resumption",
+ * as this is something we do not want nor need, but could potentially be
+ * used for a future attack. For compatibility reasons we keep building if the
+ * OpenSSL version is too old (pre-0.9.8f) to support stateless session
+ * resumption (and the accompanying SSL_OP_NO_TICKET flag).
+ */
+#ifndef SSL_OP_NO_TICKET
+# define SSL_OP_NO_TICKET 0
+#endif
+
/**
* Structure that wraps the TLS context. Contents differ depending on the
* SSL library used.
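Review bot: The `# define SSL_OP_NO_TICKET 0` fallback is decided from the build-time headers, so a binary compiled against pre-0.9.8f headers may keep session tickets enabled if it later runs against a newer libssl that supports them. The configure check removed elsewhere in this diff used to stop such a build with an error, whereas the new code silently turns the option into a no-op. If the compatibility build is intended, the comment should state the limit, for example `Note: chosen from the build-time headers; a newer libssl at runtime keeps tickets enabled.` A build-time diagnostic in the `#ifndef` branch would also make the reduced hardening visible to packagers. The call that passes the flag to the SSL context is outside this hunk, so whether the no-op case is reported at runtime cannot be judged from here.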