copy radiusv11 flags to running listener

diff --git a/src/main/listen.c b/src/main/listen.c
index 5c4e5baa4ab94123dec06d9ab27dc03d3d33423f..06a5de6d26004b6bbb020823303ffe21e2891192 100644 (file)
--- a/src/main/listen.c
+++ b/src/main/listen.c
@@ -899,6 +899,15 @@ static int dual_tcp_accept(rad_listen_t *listener)
 
                        this->recv = dual_tls_recv;
                        this->send = dual_tls_send;
+
+#ifdef WITH_RADIUSV11
+                       /*
+                        *      We've checked above for conflicts between require/forbid and forbid/require.
+                        *      So either the settings agree (forbid/forbid, require/require), OR this listener
+                        *      is marker "allow".  In which case we just use whatever the client has set.
+                        */
+                       this->radiusv11 = client->radiusv11;
+#endif
                }
 #endif
        }

diff --git a/src/main/tls_listen.c b/src/main/tls_listen.c
index e0a3fb9f14a1f54c42d05d546ae93041acfd14d9..6808e6b7bb9ef0a512c444705265cb7a1869eb52 100644 (file)
--- a/src/main/tls_listen.c
+++ b/src/main/tls_listen.c
@@ -396,6 +396,15 @@ static int tls_socket_recv(rad_listen_t *listener)
                sock->packet->dst_port = sock->my_port;
 
                if (sock->request) sock->request->packet = talloc_steal(sock->request, sock->packet);
+
+#ifdef WITH_RADIUSV11
+               /*
+                *      If the flag is "allow", then the ALPN negotiation updates it to "require" if RADIUSv11
+                *      is negotiated.
+                */
+               sock->packet->radiusv11 = (listener->radiusv11 == FR_RADIUSV11_REQUIRE);
+#endif
+
        }
 
        /*