From: Alan T. DeKok
Date: Mon, 10 Apr 2023 14:57:08 +0000 (-0400)
Subject: copy radiusv11 flags to running listener
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8dd4e9520037feb97115e44033d84474db5ab021;p=thirdparty%2Ffreeradius-server.git
copy radiusv11 flags to running listener
---
diff --git a/src/main/listen.c b/src/main/listen.c
index 5c4e5baa4a..06a5de6d26 100644
--- a/src/main/listen.c
+++ b/src/main/listen.c
@@ -899,6 +899,15 @@ static int dual_tcp_accept(rad_listen_t *listener)
 this->recv = dual_tls_recv;
 this->send = dual_tls_send;
+
+#ifdef WITH_RADIUSV11
+ /*
+ * We've checked above for conflicts between require/forbid and forbid/require.
+ * So either the settings agree (forbid/forbid, require/require), OR this listener
+ * is marker "allow". In which case we just use whatever the client has set.
+ */
+ this->radiusv11 = client->radiusv11;
+#endif
 }
 #endif
 }
diff --git a/src/main/tls_listen.c b/src/main/tls_listen.c
index e0a3fb9f14..6808e6b7bb 100644
--- a/src/main/tls_listen.c
+++ b/src/main/tls_listen.c
@@ -396,6 +396,15 @@ static int tls_socket_recv(rad_listen_t *listener)
 sock->packet->dst_port = sock->my_port;
 if (sock->request) sock->request->packet = talloc_steal(sock->request, sock->packet);
+
+#ifdef WITH_RADIUSV11
+ /*
+ * If the flag is "allow", then the ALPN negotiation updates it to "require" if RADIUSv11
+ * is negotiated.
+ */
+ sock->packet->radiusv11 = (listener->radiusv11 == FR_RADIUSV11_REQUIRE);
+#endif
+
 }
 /*
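Review bot: The added `this->radiusv11 = client->radiusv11;` in dual_tcp_accept is unconditional, so a listener set to require or forbid appears to take the client's value even when the client is set to allow. The comment covers only the cases where the settings agree or the listener is allow. If the conflict checks above the hunk (not visible here) do not reject that combination, the accepted socket ends up with a weaker setting than the listener was configured with. Consider copying only when the listener is permissive, e.g. `if (listener->radiusv11 == FR_RADIUSV11_ALLOW) this->radiusv11 = client->radiusv11;`, and fix the comment typo "is marker" to "is marked". The function starts and ends outside the hunk.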
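Review bot: `sock->packet->radiusv11` in tls_socket_recv is derived from the listener's policy flag, not from what ALPN actually selected on this connection. That is correct only if the handshake code leaves the flag at require exactly when RADIUSv11 was negotiated. The comment explains the allow case but not a socket whose flag is already require, which the listen.c hunk can now copy straight from the client. The handshake code is not visible here, so this is inferred. I would state the assumption next to the assignment, e.g. `/* Relies on the TLS handshake rejecting the connection when the flag is "require" and ALPN did not select RADIUSv11. */`, or set the packet flag from the recorded negotiation result. The function body continues outside the hunk.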