# didn't write the client, so we don't know where those logs
# are, or how to get at them.
#
+ # Information about the TLS state changes is in the
+ # &session-state:TLS-Session-Information attribute.
+ #
Post-Auth-Type Client-Lost {
+ #
+ # Debug ALL of the TLS state changes done during the
+ # EAP negotiation.
+ #
+# %{debug_attr:&session-state:TLS-Session-Information[*]}
+
+ #
+ # Debug the LAST TLS state change done during the EAP
+ # negotiation. For errors, this is usually a TLS
+ # alert from the client saying something like
+ # "unknown CA".
+ #
+# %{debug_attr:&session-state:TLS-Session-Information[n]}
+
+ #
+ # Debug the last module failure message. This may be
+ # useful, or it may refer to a server-side failure
+ # which did not cause the client to stop talking to the server.
+ #
+# %{debug_attr:&session-state:Module-Failure-Message}
}
#
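Review bot: The three examples in `Post-Auth-Type Client-Lost` are commented out, and the added comments never say when their output becomes visible. As far as I know `debug_attr` only prints when debugging is enabled for the request, which is rarely the case in production, where lost clients actually need diagnosing. I would add a line such as `#  These expansions only produce output in debug mode (e.g. radiusd -X).` above the first example. The third example also reads `&session-state:Module-Failure-Message`, while the C change visible on this page stores only TLS-Session-Information in session-state, so it is worth confirming that attribute is actually populated there.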
ATTRIBUTE TLS-Cert-Subject-Alt-Name-Dns 1916 string
ATTRIBUTE TLS-Cert-Subject-Alt-Name-Upn 1917 string
ATTRIBUTE TLS-Cert-Valid-Since 1918 string
-# 1919: reserved for future cert attribute
+ATTRIBUTE TLS-Session-Information 1919 string
ATTRIBUTE TLS-Client-Cert-Serial 1920 string
ATTRIBUTE TLS-Client-Cert-Expiration 1921 string
ATTRIBUTE TLS-Client-Cert-Issuer 1922 string
char const *str_write_p, *str_version, *str_content_type = "";
char const *str_details1 = "", *str_details2= "";
REQUEST *request;
+ VALUE_PAIR *vp;
char content_type[16], alert_buf[16];
char buffer[32];
str_write_p, str_version, str_content_type,
str_details1, str_details2);
+ /*
+ * Cache the TLS session information in the session-state
+ * list, so it can be accessed by Post-Auth-Type
+ * Client-Lost { ... }
+ */
+ vp = fr_pair_afrom_num(request->state_ctx, PW_TLS_SESSION_INFORMATION, 0);
+ if (vp) {
+ fr_pair_value_strcpy(vp, tls_session->info.info_description);
+ fr_pair_add(&request->state, vp);
+ }
+
RDEBUG2("%s", tls_session->info.info_description);
}
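Review bot: Every pass through this code appends a fresh TLS-Session-Information pair to `request->state`, and nothing in the hunk bounds how many accumulate. The function appears to be a per-TLS-message callback (its start is outside the hunk) that runs before the peer is authenticated, so the session-state list would grow with traffic the peer controls and stay allocated for as long as the state is kept. Consider keeping only the most recent few entries, or capping the count, and stating the limit in the comment, e.g. `* One pair is added per TLS message; only the last N are kept.` The silent skip when `fr_pair_afrom_num()` returns NULL is reasonable for a best-effort cache, but the comment should say that this is intentional.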