From 5d56cf1c71121e3b8f7c0db0172e5a27b7f5d235 Mon Sep 17 00:00:00 2001
From: Sunil Ravi <sunilravi@google.com>
Date: Wed, 4 May 2022 23:46:35 -0700
Subject: [PATCH] BoringSSL: Fix compilation error due to TLS 1.3 session
 tickets

SSL_CTX_set_num_tickets() is not available in boringSSL.
So protect the call to SSL_CTX_set_num_tickets() under
!defined(OPENSSL_IS_BORINGSSL) to fix the compilation error.

Fixes: decac7cd1e50 ("OpenSSL: Do not send out a TLS 1.3 session ticket if caching disabled")
Fixes: 81e24988895a ("OpenSSL: Limit the number of TLS 1.3 session tickets to one")
Signed-off-by: Sunil Ravi <sunilravi@google.com>
---
 src/crypto/tls_openssl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 912471ba2..07d303aa2 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1106,13 +1106,13 @@ void * tls_init(const struct tls_config *conf)
 		SSL_CTX_set_session_cache_mode(ssl, SSL_SESS_CACHE_SERVER);
 		SSL_CTX_set_timeout(ssl, data->tls_session_lifetime);
 		SSL_CTX_sess_set_remove_cb(ssl, remove_session_cb);
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(OPENSSL_IS_BORINGSSL)
 		/* One session ticket is sufficient for EAP-TLS */
 		SSL_CTX_set_num_tickets(ssl, 1);
 #endif
 	} else {
 		SSL_CTX_set_session_cache_mode(ssl, SSL_SESS_CACHE_OFF);
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(OPENSSL_IS_BORINGSSL)
 		SSL_CTX_set_num_tickets(ssl, 0);
 #endif
 	}