From: Andre Heider <a.heider@gmail.com>
Date: Tue, 8 Jul 2025 09:18:46 +0000 (+0200)
Subject: OpenSSL: Use SSL_CTX_flush_sessions_ex() on >=v3.4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1ebfbc158275cd3083910ce04cce779977e8005b;p=thirdparty%2Fhostap.git

OpenSSL: Use SSL_CTX_flush_sessions_ex() on >=v3.4

OpenSSL v3.4 deprecated SSL_CTX_flush_sessions() in favor of *_ex(),
which is now Y2038 safe [0].

Use the *_ex() variant to fix the build against a "no-deprecated" built
of OpenSSL v3.4.

[0] https://docs.openssl.org/3.4/man3/SSL_CTX_flush_sessions/

Signed-off-by: Andre Heider <a.heider@gmail.com>
---

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index eab43df39..a87baf6c5 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1343,7 +1343,13 @@ void tls_deinit(void *ssl_ctx)
 
 	if (data->tls_session_lifetime > 0) {
 		wpa_printf(MSG_DEBUG, "OpenSSL: Flush sessions");
+#if OPENSSL_VERSION_NUMBER >= 0x30400000L && \
+	!defined(LIBRESSL_VERSION_NUMBER) && \
+	!defined(OPENSSL_IS_BORINGSSL)
+		SSL_CTX_flush_sessions_ex(ssl, 0);
+#else /* OpenSSL version >= 3.4 */
 		SSL_CTX_flush_sessions(ssl, 0);
+#endif /* OpenSSL version >= 3.4 */
 		wpa_printf(MSG_DEBUG, "OpenSSL: Flush sessions - done");
 	}
 	while ((sess_data = dl_list_first(&context->sessions,