From: Alan T. DeKok
Date: Fri, 10 Feb 2012 10:29:23 +0000 (+0100)
Subject: Cache the TLS-* attributes for fast session resumption
X-Git-Tag: release_2_2_0~172
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d73fc3b75dad11a6078719d8427bc919db25cd72;p=thirdparty%2Ffreeradius-server.git
Cache the TLS-* attributes for fast session resumption
So that the user can re-do all of the checks
---
diff --git a/src/modules/rlm_eap/libeap/eap_tls.c b/src/modules/rlm_eap/libeap/eap_tls.c
index 2e094db1534..46410956aa4 100644
--- a/src/modules/rlm_eap/libeap/eap_tls.c
+++ b/src/modules/rlm_eap/libeap/eap_tls.c
@@ -153,10 +153,14 @@ int eaptls_success(EAP_HANDLER *handler, int peap_flag)
 vp = paircopy2(request->packet->vps, PW_STRIPPED_USER_NAME);
 if (vp) pairadd(&vps, vp);
-
+
 vp = paircopy2(request->reply->vps, PW_CACHED_SESSION_POLICY);
 if (vp) pairadd(&vps, vp);
-
+
+ if (handler->certs) {
+ pairadd(&vps, paircopy(handler->certs));
+ }
+
 if (vps) {
 SSL_SESSION_set_ex_data(tls_session->ssl->session, eaptls_session_idx, vps);
@@ -172,15 +176,29 @@ int eaptls_success(EAP_HANDLER *handler, int peap_flag)
 */
 } else {
- vp = SSL_SESSION_get_ex_data(tls_session->ssl->session,
+ vps = SSL_SESSION_get_ex_data(tls_session->ssl->session,
 eaptls_session_idx);
- if (!vp) {
+ if (!vps) {
 RDEBUG("WARNING: No information in cached session!");
 return eaptls_fail(handler, peap_flag);
 } else {
- RDEBUG("Adding cached attributes to the reply:");
- debug_pair_list(vp);
- pairadd(&request->reply->vps, paircopy(vp));
+ RDEBUG("Adding cached attributes:");
+ debug_pair_list(vps);
+
+ for (vp = vps; vp != NULL; vp = vp->next) {
+ /*
+ * TLS-* attrs get added back to
+ * the request list.
+ */
+ if ((vp->attribute >= 1910) &&
+ (vp->attribute < 1929)) {
+ pairadd(&request->packet->vps,
+ paircopyvp(vp));
+ } else {
+ pairadd(&request->reply->vps,
+ paircopyvp(vp));
+ }
+ }
 /*
 * Mark the request as resumed.
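Review bot: The copy cached by `pairadd(&vps, paircopy(handler->certs));` is a snapshot of the certificate attributes from the full handshake, and nothing in this hunk records that it can go stale. On a resumed session the policy re-runs its checks against that snapshot, so a certificate revoked or expired after the original authentication would presumably still pass unless the session cache lifetime is short or the policy compares the cached values against the current time. A comment above the new block would make this explicit, e.g. `/* Cached TLS-* attrs describe the original handshake; checks on resumption see that state, not the current one */`. The body of eaptls_success starts and ends outside the hunk.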
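Review bot: The range test `(vp->attribute >= 1910) && (vp->attribute < 1929)` in the new `for` loop hard-codes the TLS-* attribute numbers, so the split between the request and reply lists depends on the dictionary never growing or renumbering that block. A TLS-* attribute outside the range would be copied into `request->reply->vps` instead of `request->packet->vps`, where the resumption policy would not see it and where it may not belong. Define the two bounds once beside the other attribute defines and use them here (placeholder names: `PW_TLS_ATTR_FIRST`, `PW_TLS_ATTR_LIMIT`), with a comment that the upper bound is exclusive. The enclosing function starts and ends outside the hunk.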