+ /*
+ * If there's no session resumption, delete the entry
+ * from the cache. This means either it's disabled
+ * globally for this SSL context, OR we were told to
+ * disable it for this user.
+ *
+ * This also means you can't turn it on just for one
+ * user.
+ */
+ if ((!tls_session->allow_session_resumption) ||
+ (((vp = pairfind(request->config_items, 1127, 0)) != NULL) &&
+ (vp->vp_integer == 0))) {
+ SSL_CTX_remove_session(tls_session->ctx,
+ tls_session->ssl->session);
+ tls_session->allow_session_resumption = 0;
+
+ /*
+ * If we're in a resumed session and it's
+ * not allowed,
+ */
+ if (SSL_session_reused(tls_session->ssl)) {
+ RDEBUG("FAIL: Forcibly stopping session resumption as it is not allowed.");
+ return eaptls_fail(handler, peap_flag);
+ }
+
+ /*
+ * Else resumption IS allowed, so we store the
+ * user data in the cache.
+ */
+ } else if (!SSL_session_reused(tls_session->ssl)) {
+ RDEBUG2("Saving response in the cache");
+
+ vp = paircopy2(request->reply->vps, PW_USER_NAME, 0);
+ if (vp) pairadd(&vps, vp);
+
+ vp = paircopy2(request->packet->vps, PW_STRIPPED_USER_NAME, 0);
+ if (vp) pairadd(&vps, vp);
+
+ vp = paircopy2(request->reply->vps, PW_CACHED_SESSION_POLICY, 0);
+ if (vp) pairadd(&vps, vp);
+
+ if (vps) {
+ SSL_SESSION_set_ex_data(tls_session->ssl->session,
+ eaptls_session_idx, vps);
+ } else {
+ RDEBUG2("WARNING: No information to cache: session caching will be disabled for this session.");
+ SSL_CTX_remove_session(tls_session->ctx,
+ tls_session->ssl->session);
+ }
+
+ /*
+ * Else the session WAS allowed. Copy the cached
+ * reply.
+ */
+ } else {
+
+ vp = SSL_SESSION_get_ex_data(tls_session->ssl->session,
+ eaptls_session_idx);
+ if (!vp) {
+ RDEBUG("WARNING: No information in cached session!");
+ return eaptls_fail(handler, peap_flag);
+ } else {
+ RDEBUG("Adding cached attributes to the reply:");
+ debug_pair_list(vp);
+ pairadd(&request->reply->vps, paircopy(vp));
+
+ /*
+ * Mark the request as resumed.
+ */
+ vp = pairmake("EAP-Session-Resumed", "1", T_OP_SET);
+ if (vp) pairadd(&request->packet->vps, vp);
+ }
+ }
+
+ /*
+ * Call compose AFTER checking for cached data.
+ */
+ eaptls_compose(handler->eap_ds, &reply);
+
+ /*
+ * Automatically generate MPPE keying material.
+ */
+ if (tls_session->prf_label) {
+ eaptls_gen_mppe_keys(&handler->request->reply->vps,
+ tls_session->ssl, tls_session->prf_label);
+ } else {
+ RDEBUG("WARNING: Not adding MPPE keys because there is no PRF label");
+ }
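Review bot: The return value of `SSL_SESSION_set_ex_data()` is ignored in the new-session branch that stores `vps`, so a failed store leaves the session in OpenSSL's cache with no attributes attached and, as far as the hunk shows, `vps` is never freed. A later resumption of that session is rejected by the `if (!vp)` check in the final branch, so this fails closed, but the entry should be dropped at store time: `if (SSL_SESSION_set_ex_data(tls_session->ssl->session, eaptls_session_idx, vps) != 1) { pairfree(&vps); SSL_CTX_remove_session(tls_session->ctx, tls_session->ssl->session); }`. In the same hunk, the literal `1127` passed to `pairfind()` should be a named attribute constant like the `PW_*` values used in the `paircopy2()` calls, because that lookup is the per-user policy gate for resumption and a bare number is easy to get wrong or miss in an audit. The enclosing function starts and ends outside the hunk, so the declaration of `vps` and any later cleanup are not visible here.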