add tls flag to packets
authorAlan T. DeKok <aland@freeradius.org>
Fri, 16 Feb 2024 13:33:54 +0000 (08:33 -0500)
committerMatthew Newton <matthew-git@newtoncomputing.co.uk>
Mon, 8 Jul 2024 19:38:15 +0000 (20:38 +0100)
and set it for TLS transport send / receive.  This lets the
packet encoder and verification routines behave differently for
TLS and non-TLS transport

src/include/libradius.h
src/main/tls_listen.c

index 757828f070e2f8433adf4ac3ff8a7211658c9c41..c2e8969f3c9893798fe7197017e352126b664b32 100644 (file)
@@ -407,6 +407,7 @@ typedef struct radius_packet {
        size_t                  partial;
        int                     proto;
 #endif
+       bool                    tls;            //!< uses secure transport
 } RADIUS_PACKET;
 
 typedef enum {
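Review bot: The comment on the new `tls` member does not say who may set it or that `false` must be the default, which matters because the commit message says the encoder and verification routines branch on it. I would write it as `//!< true only for packets read from or written to a TLS connection; set by the TLS listener code, defaults to false`. Whether the packet allocator zero-fills the struct is not visible here, so it is worth confirming that every allocation and copy path leaves the flag false unless the transport really is TLS. The struct definition starts outside this hunk.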
index 563a887d240cd1501de2dcba0b99ed5df361c1e1..6d954d269f11c66c7dcab5caf010cfba14f31dee 100644 (file)
@@ -439,6 +439,8 @@ read_application_data:
        packet->vps = NULL;
        PTHREAD_MUTEX_UNLOCK(&sock->mutex);
 
+       packet->tls = true;
+
        if (!rad_packet_ok(packet, 0, NULL)) {
                if (DEBUG_ENABLED) ERROR("Receive - %s", fr_strerror());
                DEBUG("(TLS) Closing TLS socket from client");
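Review bot: The assignment `packet->tls = true;` has to stay ahead of `rad_packet_ok()` for the verification to see the transport, and nothing in the code says so. A one-line comment such as `/* set before rad_packet_ok(): verification depends on the transport */` would stop a later reorder from silently applying the non-TLS checks to TLS traffic. The same comment fits the assignment in proxy_tls_recv in the next hunk, where the validation call is not visible. The enclosing function starts and ends outside this hunk.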
@@ -935,6 +937,8 @@ int proxy_tls_recv(rad_listen_t *listener)
        memcpy(packet->data, data, packet->data_len);
        memcpy(packet->vector, packet->data + 4, 16);
 
+       packet->tls = true;
+
        /*
         *      FIXME: Client MIB updates?
         */
@@ -995,6 +999,7 @@ int proxy_tls_send(rad_listen_t *listener, REQUEST *request)
         *      if there's no packet, encode it here.
         */
        if (!request->proxy->data) {
+               request->reply->tls = true;
                request->proxy_listener->proxy_encode(request->proxy_listener,
                                                      request);
        }