From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 4 Mar 2021 13:01:34 +0000 (-0500)
Subject: Revert "add flag to send early session tickets"
X-Git-Tag: release_3_0_22~175
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=77488ccbea574c9d29aa3f5a7f74e7e26923ecaf;p=thirdparty%2Ffreeradius-server.git

Revert "add flag to send early session tickets"

This reverts commit 1663b982854e66eaa9191aec549aa8942c942947.

this doesn't work.

We really need SSL_new_session_ticket(), which is only in
OpenSSL 3.  Which is not released.
---

diff --git a/src/include/tls-h b/src/include/tls-h
index 5945d8b7f8..f994f58d5a 100644
--- a/src/include/tls-h
+++ b/src/include/tls-h
@@ -368,7 +368,6 @@ struct fr_tls_server_conf_t {
 #ifdef TLS1_3_VERSION
        bool		tls13_enable_magic;
        bool		tls13_send_zero;
-       bool		tls13_early_session_tickets;
 #endif
 
 	char const	*tls_min_version;
diff --git a/src/main/tls.c b/src/main/tls.c
index 8b6b128dba..aa2aeb9859 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -831,15 +831,6 @@ int tls_handshake_recv(REQUEST *request, tls_session_t *ssn)
 #ifdef TLS1_3_VERSION
 		case TLS1_3_VERSION:
 			str_version = "TLS 1.3";
-
-			{
-				fr_tls_server_conf_t	*conf;
-				conf = (fr_tls_server_conf_t *)SSL_CTX_get_app_data(ssn->ctx);
-
-				if (conf->tls13_early_session_tickets && conf->session_cache_enable) {
-					SSL_set_num_tickets(ssn->ssl, 1);
-				}
-			}
 			break;
 #endif
 		default:
@@ -1382,7 +1373,6 @@ static CONF_PARSER tls_server_config[] = {
 #ifdef TLS1_3_VERSION
 	{ "tls13_enable", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, tls13_enable_magic), NULL },
 	{ "tls13_send_zero", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, tls13_send_zero), NULL },
-	{ "tls13_early_session_tickets", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, tls13_early_session_tickets), NULL },
 #endif
 
 	{ "cache", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) cache_config },