From: Jouni Malinen
Date: Wed, 4 May 2022 21:34:25 +0000 (+0300)
Subject: LibreSSL: Fix compilation issue with TLS 1.3 session ticket limit
X-Git-Tag: hostap_2_11~1955
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c24e18e5c5029b5080ac54d3738a8106a6c4f859;p=thirdparty%2Fhostap.git
LibreSSL: Fix compilation issue with TLS 1.3 session ticket limit
LibreSSL does not seem have SSL_CTX_set_num_tickets(), so comment out these not really critical calls when building with that library.
Fixes: 81e24988895a ("OpenSSL: Limit the number of TLS 1.3 session tickets to one")
Fixes: decac7cd1e50 ("OpenSSL: Do not send out a TLS 1.3 session ticket if caching disabled")
Signed-off-by: Jouni Malinen
---
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 07d303aa2..81c93c139 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1106,13 +1106,17 @@ void * tls_init(const struct tls_config *conf)
 SSL_CTX_set_session_cache_mode(ssl, SSL_SESS_CACHE_SERVER);
 SSL_CTX_set_timeout(ssl, data->tls_session_lifetime);
 SSL_CTX_sess_set_remove_cb(ssl, remove_session_cb);
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && \
+ !defined(LIBRESSL_VERSION_NUMBER) && \
+ !defined(OPENSSL_IS_BORINGSSL)
 /* One session ticket is sufficient for EAP-TLS */
 SSL_CTX_set_num_tickets(ssl, 1);
 #endif
 } else {
 SSL_CTX_set_session_cache_mode(ssl, SSL_SESS_CACHE_OFF);
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && \
+ !defined(LIBRESSL_VERSION_NUMBER) && \
+ !defined(OPENSSL_IS_BORINGSSL)
 SSL_CTX_set_num_tickets(ssl, 0);
 #endif
 }
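Review bot: In the `else` branch (session cache off), a LibreSSL build now skips `SSL_CTX_set_num_tickets(ssl, 0)` with no fallback and no comment, so the TLS 1.3 ticket count silently stays at whatever the library defaults to. Whether LibreSSL actually issues TLS 1.3 tickets in that configuration is not visible from this hunk, so the gap should at least be recorded in the code, e.g. `/* LibreSSL: no SSL_CTX_set_num_tickets(); TLS 1.3 ticket count is left at the library default */` above each guarded call. The same three-part condition is repeated in both branches and excludes every LibreSSL version unconditionally; defining it once as a local feature macro would keep the two sites in sync if the function later becomes available there. The body of tls_init starts and continues outside the hunk.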