From: Alan T. DeKok
Date: Fri, 3 Feb 2017 22:17:24 +0000 (-0500)
Subject: read the TLS data first, before the VPs
X-Git-Tag: release_3_0_13~44
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5aabc3b1589a2522eceb9b17bfb77ba7211003af;p=thirdparty%2Ffreeradius-server.git

read the TLS data first, before the VPs
---

diff --git a/src/main/tls.c b/src/main/tls.c
index 6cd912f0f7f..5984c22b1de 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -1459,16 +1459,6 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int l
 struct stat st;
 VALUE_PAIR *vps = NULL;
- /* read in the cached VPs from the .vps file */
- snprintf(filename, sizeof(filename), "%s%c%s.vps",
- conf->session_cache_path, FR_DIR_SEP, buffer);
- rv = pairlist_read(talloc_ctx, filename, &pairlist, 1);
- if (rv < 0) {
- /* not safe to un-persist a session w/o VPs */
- RWDEBUG("Failed loading persisted VPs for session %s", buffer);
- goto err;
- }
-
 /* load the actual SSL session */
 snprintf(filename, sizeof(filename), "%s%c%s.asn1", conf->session_cache_path, FR_DIR_SEP, buffer);
 fd = open(filename, O_RDONLY);
@@ -1524,6 +1514,16 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int l
 goto err;
 }
+ /* read in the cached VPs from the .vps file */
+ snprintf(filename, sizeof(filename), "%s%c%s.vps",
+ conf->session_cache_path, FR_DIR_SEP, buffer);
+ rv = pairlist_read(talloc_ctx, filename, &pairlist, 1);
+ if (rv < 0) {
+ /* not safe to un-persist a session w/o VPs */
+ RWDEBUG("Failed loading persisted VPs for session %s", buffer);
+ goto err;
+ }
+
 /* move the cached VPs into the session */
 fr_pair_list_mcopy_by_num(talloc_ctx, &vps, &pairlist->reply, 0, 0, TAG_ANY);
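Review bot: With the VP read now placed after the TLS session load, the `if (rv < 0)` branch in the second hunk is reached while a deserialized session may already be held, yet the branch still does only `goto err;`. The `err:` label and the function's return are outside this hunk, so it cannot be confirmed here that the session is released rather than handed back to OpenSSL; if it is returned, a session would be resumed without its cached VPs, which the comment in that branch calls not safe. I would make the branch explicit with `SSL_SESSION_free(<session ptr>); <session ptr> = NULL;` before `goto err;` (the pointer's name is not visible in the hunk). It is also worth checking that `pairlist` cannot be left NULL when `pairlist_read()` returns 0, since `&pairlist->reply` is taken on the next statement. cbtls_get_session starts and ends outside the hunk.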