[PATCH] OpenSSL: Use SSL_CTX_flush_sessions_ex() on >=v3.4
Andre Heider
a.heider at gmail.com
Tue Jul 8 02:18:46 PDT 2025
v3.4 deprecated SSL_CTX_flush_sessions() in favor of *_ex(), which is now
Y2038 safe [0].
Using the *_ex() variant fixes the build against a "no-deprecated" built v3.4.
[0] https://docs.openssl.org/3.4/man3/SSL_CTX_flush_sessions/
Signed-off-by: Andre Heider <a.heider at gmail.com>
---
src/crypto/tls_openssl.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index eab43df39..ed0ec1421 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1343,7 +1343,13 @@ void tls_deinit(void *ssl_ctx)
if (data->tls_session_lifetime > 0) {
wpa_printf(MSG_DEBUG, "OpenSSL: Flush sessions");
+#if OPENSSL_VERSION_NUMBER >= 0x30400000L && \
+ !defined(LIBRESSL_VERSION_NUMBER) && \
+ !defined(OPENSSL_IS_BORINGSSL)
+ SSL_CTX_flush_sessions_ex(ssl, 0);
+#else
SSL_CTX_flush_sessions(ssl, 0);
+#endif /* OpenSSL version >= 3.4 */
wpa_printf(MSG_DEBUG, "OpenSSL: Flush sessions - done");
}
while ((sess_data = dl_list_first(&context->sessions,
--
2.47.2
More information about the Hostap
mailing list