Add tls_session_reused=<0/1> into EAP peer TLS status

This can be used to determine whether the last TLS-based EAP
authentication instance re-used a previous session (e.g., TLS session
resumption or EAP-FAST session ticket).

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index 934ab34b33d1d800eb6bbdaafe77d92465b8d0c7..3641a2c838cb6765676b7760394ff59be180834e 100644 (file)
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -794,7 +794,10 @@ int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data,
        if (tls_get_cipher(data->ssl_ctx, data->conn, name, sizeof(name)) == 0)
        {
                ret = os_snprintf(buf + len, buflen - len,
-                                 "EAP TLS cipher=%s\n", name);
+                                 "EAP TLS cipher=%s\n"
+                                 "tls_session_reused=%d\n",
+                                 name, tls_connection_resumed(data->ssl_ctx,
+                                                              data->conn));
                if (os_snprintf_error(buflen - len, ret))
                        return len;
                len += ret;