work around OpenSSL behavior changes for TLS 1.3

author Alan T. DeKok <aland@freeradius.org>

Wed, 24 Feb 2021 16:31:29 +0000 (11:31 -0500)

committer Alan T. DeKok <aland@freeradius.org>

Wed, 24 Feb 2021 16:31:29 +0000 (11:31 -0500)
author Alan T. DeKok <aland@freeradius.org>
Wed, 24 Feb 2021 16:31:29 +0000 (11:31 -0500)
committer Alan T. DeKok <aland@freeradius.org>
Wed, 24 Feb 2021 16:31:29 +0000 (11:31 -0500)
diff --git a/src/main/tls.c b/src/main/tls.c

index 86223e8568049dd6394379d4d6b59666cd0d57e0..393525adad25e4aec1d668e22e6a5d170d4fe158 100644 (file)
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -4517,6 +4517,16 @@ int tls_success(tls_session_t *ssn, REQUEST *request)
                 if (conf->session_cache_path) {
                         char buffer[2 * MAX_SESSION_SIZE + 1];
  
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+#ifdef TLS1_3_VERSION
+                       /*
+                        *      OpenSSL frees the underlying session out from
+                        *      under us in TLS 1.3.
+                        */
+                       if (ssn->info.version == TLS1_3_VERSION) ssn->ssl_session = SSL_get_session(ssn->ssl);
+#endif
+#endif
+
                         tls_session_id(ssn->ssl_session, buffer, MAX_SESSION_SIZE);
  
                         /* "touch" the cached session/vp file */
author	Alan T. DeKok <aland@freeradius.org>
	Wed, 24 Feb 2021 16:31:29 +0000 (11:31 -0500)
committer	Alan T. DeKok <aland@freeradius.org>
	Wed, 24 Feb 2021 16:31:29 +0000 (11:31 -0500)