From: Nick Porter <nick@portercomputing.co.uk>
Date: Tue, 10 Dec 2024 11:41:06 +0000 (+0000)
Subject: Don't duplicate TLS session info attributes
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=62c9f8a721f26fee074db1b7ac116af61ec64b34;p=thirdparty%2Ffreeradius-server.git

Don't duplicate TLS session info attributes

They may already exist if the session is being resumed.
---

diff --git a/src/lib/tls/session.c b/src/lib/tls/session.c
index 78c1382d75f..1dc2b98def7 100644
--- a/src/lib/tls/session.c
+++ b/src/lib/tls/session.c
@@ -1180,12 +1180,9 @@ static unlang_action_t tls_session_async_handshake_done_round(UNUSED rlm_rcode_t
 
 		RDEBUG2("Adding TLS session information to request");
 		RINDENT();
-		vp = fr_pair_afrom_da(request->session_state_ctx, attr_tls_session_cipher_suite);
-		if (vp) {
-			fr_pair_value_strdup(vp,  SSL_CIPHER_get_name(cipher), false);
-			fr_pair_append(&request->session_state_pairs, vp);
-			RDEBUG2("&session-state.%pP", vp);
-		}
+		MEM(pair_update_session_state(&vp, attr_tls_session_cipher_suite) >= 0);
+		fr_pair_value_strdup(vp,  SSL_CIPHER_get_name(cipher), false);
+		RDEBUG2("&session-state.%pP", vp);
 
 		if (((size_t)tls_session->info.version >= NUM_ELEMENTS(tls_version_str)) ||
 		    !tls_version_str[tls_session->info.version]) {
@@ -1194,12 +1191,9 @@ static unlang_action_t tls_session_async_handshake_done_round(UNUSED rlm_rcode_t
 			version = tls_version_str[tls_session->info.version];
 		}
 
-		vp = fr_pair_afrom_da(request->session_state_ctx, attr_tls_session_version);
-		if (vp) {
-			fr_pair_value_strdup(vp, version, false);
-			fr_pair_append(&request->session_state_pairs, vp);
-			RDEBUG2("&session-state.%pP", vp);
-		}
+		MEM(pair_update_session_state(&vp, attr_tls_session_version) >= 0);
+		fr_pair_value_strdup(vp, version, false);
+		RDEBUG2("&session-state.%pP", vp);
 		REXDENT();
 
 		/*