From: Jouni Malinen <quic_jouni@quicinc.com>
Date: Mon, 2 May 2022 14:31:28 +0000 (+0300)
Subject: OpenSSL: Do not send out a TLS 1.3 session ticket if caching disabled
X-Git-Tag: hostap_2_11~1961
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=decac7cd1e50e0e85ee1416ddafcab33655f9a23;p=thirdparty%2Fhostap.git

OpenSSL: Do not send out a TLS 1.3 session ticket if caching disabled

Do not provide TLS 1.3 session tickets if session caching is disabled.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
---

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 240b8b8f7..388c6b0f4 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1112,6 +1112,9 @@ void * tls_init(const struct tls_config *conf)
 #endif
 	} else {
 		SSL_CTX_set_session_cache_mode(ssl, SSL_SESS_CACHE_OFF);
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+		SSL_CTX_set_num_tickets(ssl, 0);
+#endif
 	}
 
 	if (tls_ex_idx_session < 0) {