]> git.ipfire.org Git - thirdparty/hostap.git/commitdiff
projects / thirdparty / hostap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 03cf2b6)
OpenSSL: Use SSL_CTX_flush_sessions_ex() on >=v3.4
authorAndre Heider <a.heider@gmail.com>
Tue, 8 Jul 2025 09:18:46 +0000 (11:18 +0200)
committerJouni Malinen <j@w1.fi>
Mon, 29 Sep 2025 17:14:38 +0000 (20:14 +0300)
OpenSSL v3.4 deprecated SSL_CTX_flush_sessions() in favor of *_ex(),
which is now Y2038 safe [0].

Use the *_ex() variant to fix the build against a "no-deprecated" built
of OpenSSL v3.4.

[0] https://docs.openssl.org/3.4/man3/SSL_CTX_flush_sessions/

Signed-off-by: Andre Heider <a.heider@gmail.com>
src/crypto/tls_openssl.c patch | blob | blame | history

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index eab43df39fa4a812a046dbd0d25ce88c8a59f914..a87baf6c5762f965563b587ee41b37431f3ea22f 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1343,7 +1343,13 @@ void tls_deinit(void *ssl_ctx)
 
        if (data->tls_session_lifetime > 0) {
                wpa_printf(MSG_DEBUG, "OpenSSL: Flush sessions");
+#if OPENSSL_VERSION_NUMBER >= 0x30400000L && \
+       !defined(LIBRESSL_VERSION_NUMBER) && \
+       !defined(OPENSSL_IS_BORINGSSL)
+               SSL_CTX_flush_sessions_ex(ssl, 0);
+#else /* OpenSSL version >= 3.4 */
                SSL_CTX_flush_sessions(ssl, 0);
+#endif /* OpenSSL version >= 3.4 */
                wpa_printf(MSG_DEBUG, "OpenSSL: Flush sessions - done");
        }
        while ((sess_data = dl_list_first(&context->sessions,
Unnamed repository; edit this file 'description' to name the repository.