Not all calls to fr_tls_call_push require the session cache
authorNick Porter <nick@portercomputing.co.uk>
Thu, 13 Feb 2025 12:14:26 +0000 (12:14 +0000)
committerNick Porter <nick@portercomputing.co.uk>
Thu, 13 Feb 2025 13:54:53 +0000 (13:54 +0000)
src/lib/tls/base-h
src/lib/tls/cache.c
src/lib/tls/session.c
src/lib/tls/verify.c
src/lib/tls/virtual_server.c

index 4bf1f6ee6b518f90e129f0cb11810901a539b02e..2113fe38341a8122f7f1ccdef941fa7085e1bc55 100644 (file)
@@ -172,7 +172,7 @@ void                fr_tls_dict_free(void);
  *     tls/virtual_server.c
  */
 unlang_action_t fr_tls_call_push(request_t *child, unlang_function_t resume,
-                                fr_tls_conf_t *conf, fr_tls_session_t *tls_session);
+                                fr_tls_conf_t *conf, fr_tls_session_t *tls_session, bool cache_required);
 
 #ifdef __cplusplus
 }
index 565532041f121500b51df88fa3a3393fb1da5b34..cf4c0f1f6e4a55166485e0bf8e9e776ea1103124 100644 (file)
@@ -446,7 +446,7 @@ static unlang_action_t tls_cache_load_push(request_t *request, fr_tls_session_t
         *      Allocate a child, and set it up to call
         *      the TLS virtual server.
         */
-       ua = fr_tls_call_push(child, tls_cache_load_result, conf, tls_session);
+       ua = fr_tls_call_push(child, tls_cache_load_result, conf, tls_session, true);
        if (ua < 0) {
                talloc_free(child);
                tls_cache_load_state_reset(request, tls_cache);
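Review bot: The bare `true` added as the last argument of this fr_tls_call_push call does not tell a reader what it switches on. The same applies to the literals added in tls_cache_store_push, tls_cache_clear_push, tls_establish_session_push and tls_verify_client_cert_push. A short trailing comment at each call, for example `conf, tls_session, true);	/* cache_required */`, would keep the intent visible without looking up the prototype. The enclosing function starts and ends outside this hunk.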
@@ -586,7 +586,7 @@ unlang_action_t tls_cache_store_push(request_t *request, fr_tls_conf_t *conf, fr
         *      Allocate a child, and set it up to call
         *      the TLS virtual server.
         */
-       ua = fr_tls_call_push(child, tls_cache_store_result, conf, tls_session);
+       ua = fr_tls_call_push(child, tls_cache_store_result, conf, tls_session, true);
        if (ua < 0) goto error;
 
        return ua;
@@ -655,7 +655,7 @@ unlang_action_t tls_cache_clear_push(request_t *request, fr_tls_conf_t *conf, fr
         *      Allocate a child, and set it up to call
         *      the TLS virtual server.
         */
-       ua = fr_tls_call_push(child, tls_cache_clear_result, conf, tls_session);
+       ua = fr_tls_call_push(child, tls_cache_clear_result, conf, tls_session, true);
        if (ua < 0) {
                talloc_free(child);
                tls_cache_clear_state_reset(request, tls_cache);
index dbef8a1be6f9ed28785c7ee4f6443bdfbfbda45c..0c7a56737a4bb8a928029cf1488a675a4fedd558 100644 (file)
@@ -1170,7 +1170,7 @@ unlang_action_t tls_establish_session_push(request_t *request, fr_tls_conf_t *co
         *      Allocate a child, and set it up to call
         *      the TLS virtual server.
         */
-       ua = fr_tls_call_push(child, tls_establish_session_result, conf, tls_session);
+       ua = fr_tls_call_push(child, tls_establish_session_result, conf, tls_session, false);
        if (ua < 0) {
                talloc_free(child);
                return UNLANG_ACTION_FAIL;
index 5cb32159b53a6d2ad1a4b7eb72683f5f2e8162ce..7babc3023758829c8de3dee9593203234b544ed1 100644 (file)
@@ -467,7 +467,7 @@ static unlang_action_t tls_verify_client_cert_push(request_t *request, fr_tls_se
         *      Allocate a child, and set it up to call
         *      the TLS virtual server.
         */
-       ua = fr_tls_call_push(child, tls_verify_client_cert_result, conf, tls_session);
+       ua = fr_tls_call_push(child, tls_verify_client_cert_result, conf, tls_session, false);
        if (ua < 0) {
                PERROR("Failed calling TLS virtual server");
                talloc_free(child);
index 82a9602d2fc9518b56ca029bfa12932e9c46609f..59daeea4b55e05bc6d8cfe6d06b63d6cbbf35e86 100644 (file)
  *                             be a pointer to the provided tls_session.
  * @param[in] conf             the tls configuration.
  * @param[in] tls_session      The current tls_session.
+ * @param[in] cache_required   Does this action require the tls cache
  * @return
  *      - 0 on success.
  *     - -1 on failure.
  */
 unlang_action_t fr_tls_call_push(request_t *child, unlang_function_t resume,
-                                fr_tls_conf_t *conf, fr_tls_session_t *tls_session)
+                                fr_tls_conf_t *conf, fr_tls_session_t *tls_session,
+#ifdef NDEBUG
+                                UNUSED
+#endif
+                                bool cache_required)
 {
-       fr_assert(tls_session->cache);
+       fr_assert(tls_session->cache || !cache_required);
 
        /*
         *      Sets up a dispatch frame in the parent
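Review bot: The reworked check `fr_assert(tls_session->cache || !cache_required)` appears to be compiled out when NDEBUG is defined, since the parameter is marked UNUSED in exactly that case, so release builds do not reject a cache call that arrives with a NULL `tls_session->cache`. If the rest of the body (which continues outside the hunk) or the resume callbacks passed from the cache.c call sites dereference the cache, that is a NULL dereference during TLS session handling rather than a clean failure. Consider a runtime guard ahead of the assert, `if (cache_required && !tls_session->cache) return UNLANG_ACTION_FAIL;` (or whichever failure value the body already returns), which would also make the `#ifdef NDEBUG` / `UNUSED` wrapping in the parameter list unnecessary. The `@param` line could then read `Whether the caller needs tls_session->cache to be set; the call fails if it is required and missing.`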