[PATCH] OpenSSL: Use SSL_CTX_flush_sessions_ex() on >=v3.4

Andre Heider a.heider at gmail.com
Tue Jul 8 02:18:46 PDT 2025


v3.4 deprecated SSL_CTX_flush_sessions() in favor of *_ex(), which is now
Y2038 safe [0].

Using the *_ex() variant fixes the build against a "no-deprecated" built v3.4.

[0] https://docs.openssl.org/3.4/man3/SSL_CTX_flush_sessions/

Signed-off-by: Andre Heider <a.heider at gmail.com>
---
 src/crypto/tls_openssl.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index eab43df39..ed0ec1421 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1343,7 +1343,13 @@ void tls_deinit(void *ssl_ctx)
 
 	if (data->tls_session_lifetime > 0) {
 		wpa_printf(MSG_DEBUG, "OpenSSL: Flush sessions");
+#if OPENSSL_VERSION_NUMBER >= 0x30400000L && \
+	!defined(LIBRESSL_VERSION_NUMBER) && \
+	!defined(OPENSSL_IS_BORINGSSL)
+		SSL_CTX_flush_sessions_ex(ssl, 0);
+#else
 		SSL_CTX_flush_sessions(ssl, 0);
+#endif /* OpenSSL version >= 3.4 */
 		wpa_printf(MSG_DEBUG, "OpenSSL: Flush sessions - done");
 	}
 	while ((sess_data = dl_list_first(&context->sessions,
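Review bot: the `#endif /* OpenSSL version >= 3.4 */` comment does not match the three-part condition on the `#if` above it, which also excludes LibreSSL and BoringSSL. Either extend the comment to name those exclusions, or fold the condition into one feature macro defined near the top of the file so this call site has a single `#ifdef` and any later use of another `*_ex()` replacement can reuse it. The literal `0` is passed unchanged to both variants; a short comment stating what that argument is meant to do during `tls_deinit()` would let a reader confirm that both branches behave the same.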
-- 
2.47.2



