Cache the TLS-* attributes for fast session resumption
authorAlan T. DeKok <aland@freeradius.org>
Fri, 10 Feb 2012 10:29:23 +0000 (11:29 +0100)
committerAlan T. DeKok <aland@freeradius.org>
Fri, 10 Feb 2012 10:29:23 +0000 (11:29 +0100)
So that the user can re-do all of the checks

src/modules/rlm_eap/libeap/eap_tls.c

index 2e094db153420e40aafbebe7bd9d44ab3ab824e4..46410956aa4fb7f1a4b3d2e25b0b490d1e702d17 100644 (file)
@@ -153,10 +153,14 @@ int eaptls_success(EAP_HANDLER *handler, int peap_flag)
                
                vp = paircopy2(request->packet->vps, PW_STRIPPED_USER_NAME);
                if (vp) pairadd(&vps, vp);
-               
+
                vp = paircopy2(request->reply->vps, PW_CACHED_SESSION_POLICY);
                if (vp) pairadd(&vps, vp);
-               
+
+               if (handler->certs) {
+                       pairadd(&vps, paircopy(handler->certs));
+               }
+
                if (vps) {
                        SSL_SESSION_set_ex_data(tls_session->ssl->session,
                                                eaptls_session_idx, vps);
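Review bot: The new `if (handler->certs)` block caches the certificate-derived attributes in the session's ex_data without saying why, and the surrounding copies of Stripped-User-Name and Cached-Session-Policy are equally uncommented; a reader later has to reconstruct from the resumption branch that this list is what gets replayed. Add a short comment above the block, e.g. `/* Cache the TLS-* attributes from the full handshake so the resumed session can re-run the same policy checks without a new certificate exchange. */`. It would also be worth stating in that comment that `vps` becomes owned by the session (freed via the ex_data free callback, presumably); the ownership hand-off is not visible in this hunk, so confirm it against the callback before documenting it. The enclosing function eaptls_success begins before this hunk.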
@@ -172,15 +176,29 @@ int eaptls_success(EAP_HANDLER *handler, int peap_flag)
                 */
        } else {
               
-               vp = SSL_SESSION_get_ex_data(tls_session->ssl->session,
+               vps = SSL_SESSION_get_ex_data(tls_session->ssl->session,
                                             eaptls_session_idx);
-               if (!vp) {
+               if (!vps) {
                        RDEBUG("WARNING: No information in cached session!");
                        return eaptls_fail(handler, peap_flag);
                } else {
-                       RDEBUG("Adding cached attributes to the reply:");
-                       debug_pair_list(vp);
-                       pairadd(&request->reply->vps, paircopy(vp));
+                       RDEBUG("Adding cached attributes:");
+                       debug_pair_list(vps);
+
+                       for (vp = vps; vp != NULL; vp = vp->next) {
+                               /*
+                                *      TLS-* attrs get added back to
+                                *      the request list.
+                                */
+                               if ((vp->attribute >= 1910) &&
+                                   (vp->attribute < 1929)) {
+                                       pairadd(&request->packet->vps,
+                                               paircopyvp(vp));
+                               } else {
+                                       pairadd(&request->reply->vps,
+                                               paircopyvp(vp));
+                               }
+                       }
 
                        /*
                         *      Mark the request as resumed.
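Review bot: The TLS-* classification at `if ((vp->attribute >= 1910) && (vp->attribute < 1929))` hard-codes the attribute-number range as bare magic numbers, so nobody reading the loop can tell whether the exclusive upper bound is deliberate or whether attribute 1929 is a TLS-* attribute that is being misrouted into the reply; the hunk does not show the dictionary, so this cannot be checked here. Replace the literals with named constants taken from the dictionary, e.g. `enum { TLS_ATTR_FIRST = 1910, TLS_ATTR_LAST = 1929 }; /* placeholder names: use the dictionary's PW_ constants */`, and compare with an explicit `<=`/`<` that the comment justifies. Since the attributes replayed into the request list are what the re-run policy checks will trust, the comment above the loop should also say that they originate from the session's original, fully validated handshake rather than from the current packet. The enclosing function eaptls_success starts before this hunk and its body continues after it.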