From d73fc3b75dad11a6078719d8427bc919db25cd72 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok"
Date: Fri, 10 Feb 2012 11:29:23 +0100
Subject: [PATCH] Cache the TLS-* attributes for fast session resumption So that the user can re-do all of the checks
---
 src/modules/rlm_eap/libeap/eap_tls.c | 32 ++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 7 deletions(-)
diff --git a/src/modules/rlm_eap/libeap/eap_tls.c b/src/modules/rlm_eap/libeap/eap_tls.c
index 2e094db1534..46410956aa4 100644
--- a/src/modules/rlm_eap/libeap/eap_tls.c
+++ b/src/modules/rlm_eap/libeap/eap_tls.c
@@ -153,10 +153,14 @@ int eaptls_success(EAP_HANDLER *handler, int peap_flag)
 vp = paircopy2(request->packet->vps, PW_STRIPPED_USER_NAME);
 if (vp) pairadd(&vps, vp);
-
+
 vp = paircopy2(request->reply->vps, PW_CACHED_SESSION_POLICY);
 if (vp) pairadd(&vps, vp);
-
+
+ if (handler->certs) {
+ pairadd(&vps, paircopy(handler->certs));
+ }
+
 if (vps) {
 SSL_SESSION_set_ex_data(tls_session->ssl->session,
 eaptls_session_idx, vps);
@@ -172,15 +176,29 @@ int eaptls_success(EAP_HANDLER *handler, int peap_flag)
 */
 } else {
- vp = SSL_SESSION_get_ex_data(tls_session->ssl->session,
+ vps = SSL_SESSION_get_ex_data(tls_session->ssl->session,
 eaptls_session_idx);
- if (!vp) {
+ if (!vps) {
 RDEBUG("WARNING: No information in cached session!");
 return eaptls_fail(handler, peap_flag);
 } else {
- RDEBUG("Adding cached attributes to the reply:");
- debug_pair_list(vp);
- pairadd(&request->reply->vps, paircopy(vp));
+ RDEBUG("Adding cached attributes:");
+ debug_pair_list(vps);
+
+ for (vp = vps; vp != NULL; vp = vp->next) {
+ /*
+ * TLS-* attrs get added back to
+ * the request list.
+ */
+ if ((vp->attribute >= 1910) &&
+ (vp->attribute < 1929)) {
+ pairadd(&request->packet->vps,
+ paircopyvp(vp));
+ } else {
+ pairadd(&request->reply->vps,
+ paircopyvp(vp));
+ }
+ }
 /*
 * Mark the request as resumed.
--
2.47.3
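Review bot: The added `pairadd(&vps, paircopy(handler->certs));` in the first hunk skips the NULL check that the two lines above it apply (`if (vp) pairadd(&vps, vp);`), and the `pairadd(..., paircopyvp(vp))` calls in the second hunk's loop do the same. Whether `pairadd()` tolerates a NULL argument is not visible here; if a copy fails, the session is cached or resumed without its TLS-* attributes and nothing is logged, which matters because policy is expected to re-check those attributes on resumption. Following the local pattern, `vp = paircopy(handler->certs);` then `if (vp) pairadd(&vps, vp);`, with an `RDEBUG` warning when the copy fails, would make that case visible. eaptls_success() starts and ends outside the hunk.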
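Review bot: In the second hunk the test `(vp->attribute >= 1910) && (vp->attribute < 1929)` hard-codes the TLS-* attribute range, so a TLS-* attribute later defined outside it would be copied to the reply list instead of the request list and the policy re-check this commit is meant to allow would not see it. Named bounds defined beside the dictionary values would keep the two in step, for example `if ((vp->attribute >= TLS_ATTR_FIRST) && (vp->attribute < TLS_ATTR_END)) {` (placeholder names, not existing macros). The comment above the test should also record that the values restored into `request->packet->vps` are the ones captured at the original full handshake, so policy has to compare time-dependent fields such as certificate expiry against the current time; nothing in the hunk re-validates the certificate on resumption. The else-branch of eaptls_success() continues past the end of the hunk.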