From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 27 Sep 2012 11:46:40 +0000 (+0200)
Subject: Document cache parameters in listen + tls, too
X-Git-Tag: release_3_0_0_beta1~1681
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=50771a98b665d87e8d950da2a381f53aa4d59d06;p=thirdparty%2Ffreeradius-server.git

Document cache parameters in listen + tls, too
---

diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls
index b1c531df9a7..33a4686441f 100644
--- a/raddb/sites-available/tls
+++ b/raddb/sites-available/tls
@@ -198,6 +198,37 @@ listen {
 		      #  who are logged in... which can be a LOT.
 		      #
 		      max_entries = 255
+
+		      #
+		      #  Internal "name" of the session cache.
+		      #  Used to distinguish which TLS context
+		      #  sessions belong to.
+		      #
+		      #  The server will generate a random value
+		      #  if unset. This will change across server
+		      #  restart so you MUST set the "name" if you
+		      #  want to persist sessions (see below).
+		      #
+		      #  If you use IPv6, change the "ipaddr" below
+		      #  to "ipv6addr"
+		      #
+		      #name = "TLS ${..ipaddr} ${..port} ${..proto}"
+
+		      #
+		      #  Simple directory-based storage of sessions.
+		      #  Two files per session will be written, the SSL
+		      #  state and the cached VPs. This will persist session
+		      #  across server restarts.
+		      #
+		      #  The server will need write perms, and the directory
+		      #  should be secured from anyone else. You might want
+		      #  a script to remove old files from here periodically:
+		      #
+		      #    find ${logdir}/tlscache -mtime +2 -exec rm -f {} \;
+		      #
+		      #  This feature REQUIRES "name" option be set above.
+		      #
+		      #persist_dir = "${logdir}/tlscache"
 		}
 
 		#