From: Alan T. DeKok
Date: Wed, 3 Mar 2021 20:40:12 +0000 (-0500)
Subject: add flag to send early session tickets
X-Git-Tag: release_3_0_22~179
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1663b982854e66eaa9191aec549aa8942c942947;p=thirdparty%2Ffreeradius-server.git
add flag to send early session tickets
mainly for TTLS and PEAP
---
diff --git a/src/include/tls-h b/src/include/tls-h
index f994f58d5a..5945d8b7f8 100644
--- a/src/include/tls-h
+++ b/src/include/tls-h
@@ -368,6 +368,7 @@ struct fr_tls_server_conf_t {
 #ifdef TLS1_3_VERSION
 bool tls13_enable_magic;
 bool tls13_send_zero;
+ bool tls13_early_session_tickets;
 #endif
 char const *tls_min_version;
diff --git a/src/main/tls.c b/src/main/tls.c
index aa2aeb9859..8b6b128dba 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -831,6 +831,15 @@ int tls_handshake_recv(REQUEST *request, tls_session_t *ssn)
 #ifdef TLS1_3_VERSION
 case TLS1_3_VERSION:
 str_version = "TLS 1.3";
+
+ {
+ fr_tls_server_conf_t *conf;
+ conf = (fr_tls_server_conf_t *)SSL_CTX_get_app_data(ssn->ctx);
+
+ if (conf->tls13_early_session_tickets && conf->session_cache_enable) {
+ SSL_set_num_tickets(ssn->ssl, 1);
+ }
+ }
 break;
 #endif
 default:
@@ -1373,6 +1382,7 @@ static CONF_PARSER tls_server_config[] = {
 #ifdef TLS1_3_VERSION
 { "tls13_enable", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, tls13_enable_magic), NULL },
 { "tls13_send_zero", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, tls13_send_zero), NULL },
+ { "tls13_early_session_tickets", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, tls13_early_session_tickets), NULL },
 #endif
 { "cache", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) cache_config },
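Review bot: Nothing in the `TLS1_3_VERSION` case ties the ticket requested by `SSL_set_num_tickets(ssn->ssl, 1)` to a completed inner authentication, and the commit message says the flag is meant for TTLS and PEAP, where a resumed session normally skips phase 2. Please confirm that a ticket issued at this point cannot be resumed if the inner method later fails or never finishes; that logic is not visible here, and `tls_handshake_recv` continues outside the hunk. Two smaller points on the same lines: `conf` from `SSL_CTX_get_app_data(ssn->ctx)` is dereferenced without a NULL check, and the return of `SSL_set_num_tickets()` (0 on failure) is dropped. I would write `if (conf && conf->tls13_early_session_tickets && conf->session_cache_enable) {` and log through `request` when the call returns 0.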
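Review bot: The new `tls13_early_session_tickets` entry in `tls_server_config[]` carries no comment, and the check in `tls_handshake_recv` makes the option a silent no-op unless `session_cache_enable` is also set. An operator who turns it on without the session cache gets neither a ticket nor a log line explaining why. I would add a comment above the entry along the lines of `/* only honoured when the session cache is enabled; see tls_handshake_recv() */`, and consider a warning at configuration load when the flag is set without the cache. The table itself begins and ends outside the hunk.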