From: Alan T. DeKok Date: Thu, 18 Jun 2015 11:08:11 +0000 (-0400) Subject: Make it clear when we can't cache TLS sessions X-Git-Tag: release_3_0_9~127 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c5577fd318c0e7d9879f721e6ff96d08196adf02;p=thirdparty%2Ffreeradius-server.git Make it clear when we can't cache TLS sessions --- diff --git a/src/main/tls.c b/src/main/tls.c index bd6e2e56288..ddbaec6d570 100644 --- a/src/main/tls.c +++ b/src/main/tls.c @@ -1160,19 +1160,29 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess) REQUEST *request = SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_REQUEST); + conf = (fr_tls_server_conf_t *)SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_CONF); + if (!conf) { + RWDEBUG("Failed to find TLS configuration in session"); + return NULL; + } + + if (!conf->session_cache_path) { + RWDEBUG("Failed to find 'persist_dir' in TLS configuration."); + return NULL; + } + size = sess->session_id_length; if (size > MAX_SESSION_SIZE) size = MAX_SESSION_SIZE; fr_bin2hex(buffer, sess->session_id, size); - RDEBUG2("Serialising session %s, and storing in cache", buffer); - - conf = (fr_tls_server_conf_t *)SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_CONF); - if (conf && conf->session_cache_path) { + { int fd, rv, todo, blob_len; char filename[256]; unsigned char *p; + RDEBUG2("Serialising session %s, and storing in cache", buffer); + /* find out what length data we need */ blob_len = i2d_SSL_SESSION(sess, NULL); if (blob_len < 1) { @@ -1241,6 +1251,7 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, unsigned char *data, int len, in PAIR_LIST *pairlist = NULL; REQUEST *request = SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_REQUEST); + rad_assert(request != NULL); size = len; 
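Review bot: Both early exits added at the top of cbtls_new_session use `return NULL;`, but the hunk header shows the function is declared `static int`, so a pointer constant is returned from an integer-returning callback. Where NULL is defined as `(void *)0` this is a pointer-to-integer conversion that compilers warn about, and it hides what the callback is reporting; write `return 0;` in both places, presumably the intended "session not stored" result. The function body continues past the end of this hunk, so the value returned on the remaining paths is not visible here.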
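Review bot: `rad_assert(request != NULL);` in cbtls_get_session only helps in builds where assertions are compiled in; if rad_assert becomes a no-op under NDEBUG (worth confirming), a missing request ex-data entry still reaches the RDEBUG2/RWDEBUG calls that follow, which appear to log through `request`. A runtime guard next to the assert, `if (!request) return NULL;`, would make the lookup fail closed instead. cbtls_new_session in the first hunk fetches `request` the same way and gets neither the assert nor a check, so the two callbacks are now inconsistent. The function starts and ends outside this hunk.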
@@ -1250,9 +1261,22 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, unsigned char *data, int len, in RDEBUG2("Peer requested cached session: %s", buffer); + *copy = 0; + conf = (fr_tls_server_conf_t *)SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_CONF); + if (!conf) { + RWDEBUG("Failed to find TLS configuration in session"); + return NULL; + } + + if (!conf->session_cache_path) { + RWDEBUG("Failed to find 'persist_dir' in TLS configuration."); + return NULL; + } + talloc_ctx = SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_TALLOC); - if (conf && conf->session_cache_path) { + + { int rv, fd, todo; char filename[256]; unsigned char *p; @@ -1325,7 +1349,6 @@ err: if (sess_data) talloc_free(sess_data); if (pairlist) pairlist_free(&pairlist); - *copy = 0; return sess; }
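Review bot: `*copy = 0;` now sits ahead of the two new `return NULL;` exits in cbtls_get_session with no comment explaining why it was moved, so a later edit could push it back below an early return. Add a comment above it, for example `/* OpenSSL must not take an extra reference on the session we return; set first so every exit path leaves *copy defined. */`. The bare `{` that replaces `if (conf && conf->session_cache_path) {` (and the matching one in cbtls_new_session) now exists only to scope the declarations, so it deserves a short `/* scope for the cache-file locals */` comment or a follow-up that un-nests the body. The function continues beyond this hunk, down to the `err:` label shown in the last hunk.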