From: Alan T. DeKok
Date: Fri, 12 Apr 2024 16:04:01 +0000 (-0400)
Subject: better handle re-enabling connection are TLS connection check
X-Git-Tag: release_3_2_4~44
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7672c8ebe7cdadbd11a614811c5e6fd8176c001a;p=thirdparty%2Ffreeradius-server.git
better handle re-enabling connection are TLS connection check
---
diff --git a/src/main/listen.c b/src/main/listen.c
index 8a0bff5ebf4..c7617010b04 100644
--- a/src/main/listen.c
+++ b/src/main/listen.c
@@ -385,6 +385,7 @@ int rad_status_server(REQUEST *request)
 if (sock->state == LISTEN_TLS_CHECKING) {
 int autz_type = PW_AUTZ_TYPE;
 char const *name = "Autz-Type";
+ rad_listen_t *listener = request->listener;
 if (request->listener->type == RAD_LISTEN_ACCT) {
 autz_type = PW_ACCT_TYPE;
@@ -404,11 +405,22 @@ int rad_status_server(REQUEST *request)
 if ((rcode == RLM_MODULE_OK) || (rcode == RLM_MODULE_UPDATED)) {
 RDEBUG("(TLS) Connection is authorized");
 request->reply->code = PW_CODE_ACCESS_ACCEPT;
+
+ listener->status = RAD_LISTEN_STATUS_RESUME;
+
+ rad_assert(sock->request->packet != request->packet);
+
+ sock->state = LISTEN_TLS_SETUP;
+
 } else {
 RWDEBUG("(TLS) Connection is not authorized - closing TCP socket.");
 request->reply->code = PW_CODE_ACCESS_REJECT;
+
+ listener->status = RAD_LISTEN_STATUS_EOL;
+ listener->tls = NULL; /* parent owns this! */
 }
+ radius_update_listener(listener);
 return 0;
 }
 }
diff --git a/src/main/tls_listen.c b/src/main/tls_listen.c
index 41c1b2b9206..351cbf12978 100644
--- a/src/main/tls_listen.c
+++ b/src/main/tls_listen.c
@@ -580,6 +580,7 @@ check_for_setup:
 * or any other contents. */
 request->packet->code = PW_CODE_STATUS_SERVER;
+ request->packet->id = request->reply->id = 0;
 request->packet->data = talloc_zero_array(request->packet, uint8_t, 20);
 request->packet->data[0] = PW_CODE_STATUS_SERVER;
 request->packet->data[3] = 20;
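Review bot: In the accept branch of the second listen.c hunk, `rad_assert(sock->request->packet != request->packet);` is the only guard on the no-shared-packet invariant before `sock->state` returns to `LISTEN_TLS_SETUP`, and it dereferences `sock->request` without a NULL test. If `rad_assert` compiles to nothing in non-debug builds (worth confirming for this tree), a violated invariant would let an authorized connection resume with two requests referring to one packet. Consider an explicit runtime test that falls into the reject branch instead, plus a short comment above the assert stating which request owns which packet. The `listener` local added in the first hunk is also not used by the `request->listener->type` test directly after it. `sock` and the start of `rad_status_server` are outside the hunk.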
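Review bot: The added `request->packet->id = request->reply->id = 0;` in the tls_listen.c hunk has no comment saying why both IDs are forced to zero, and it dereferences `request->reply`, whose allocation is not visible here. The zero does agree with the encoded header built just below, where `talloc_zero_array()` leaves the ID byte `data[1]` at 0, so a comment such as `/* ID 0 matches the zeroed ID byte in data[1] below */` would record the intent. Separately, the unchanged lines index `request->packet->data` without checking the `talloc_zero_array()` result, which would be a NULL dereference on allocation failure during TLS connection setup; a `if (!request->packet->data)` guard using whatever error path this function already has would close that. The enclosing function starts and ends outside the hunk.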