I think that line should be "ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;", not simply an =.
-Kyle H On Wed, Feb 17, 2010 at 10:03 AM, Tomas Hoger via RT <[email protected]> wrote: > Hi! > > SSL_CTX_new currently contains: > > /* Setup RFC4507 ticket keys */ > if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) > || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) > || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) > ret->options |= SSL_OP_NO_TICKET; > > followed by: > > /* Default is to connect to non-RI servers. When RI is more widely > * deployed might change this. > */ > ret->options = SSL_OP_LEGACY_SERVER_CONNECT; > > So even if SSL_OP_NO_TICKET is set, it should be unset again due to a > SSL_OP_LEGACY_SERVER_CONNECT default. > > Will SSL_OP_LEGACY_SERVER_CONNECT remain part of SSL_OP_ALL once > SSL_OP_LEGACY_SERVER_CONNECT is no longer default? > > -- > Tomas Hoger > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [email protected] > Automated List Manager [email protected] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
