From 6309497fb59548d6b68cc51e961e94c26d8b1d61 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Wed, 14 Dec 2022 11:19:03 -0500
Subject: [PATCH] give better error messages for %{listen:TLS-*}

---
 src/main/mainconfig.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/main/mainconfig.c b/src/main/mainconfig.c
index 960a312006..227ae4acfd 100644
--- a/src/main/mainconfig.c
+++ b/src/main/mainconfig.c
@@ -501,11 +501,27 @@ static ssize_t xlat_listen_common(REQUEST *request, rad_listen_t *listen,
 		VALUE_PAIR *vp;
 		listen_socket_t *sock = listen->data;
 
+		if (!listen->tls) {
+			RDEBUG("Listener is not using TLS.  TLS attributes are not available");
+			*out = '\0';
+			return 0;
+		}
+
 		for (vp = sock->certs; vp != NULL; vp = vp->next) {
 			if (strcmp(fmt, vp->da->name) == 0) {
 				return vp_prints_value(out, outlen, vp, 0);
 			}
 		}
+
+		RDEBUG("Unknown TLS attribute \"%s\"", fmt);
+		*out = '\0';
+		return 0;
+	}
+#else
+	if (strncmp(fmt, "TLS-", 4) == 0) {
+		RDEBUG("Server is not built with TLS support");
+		*out = '\0';
+		return 0;
 	}
 #endif
 
-- 
2.47.3