+ * These functions don't do anything other than print debugging
+ * messages.
+ *
+ * FIXME: Write sessions to some long-term storage, so that
+ * session resumption can still occur after the server
+ * restarts.
+ */
+#define MAX_SESSION_SIZE (256)
+
+static void cbtls_remove_session(UNUSED SSL_CTX *ctx, SSL_SESSION *sess)
+{
+ size_t size;
+ char buffer[2 * MAX_SESSION_SIZE + 1];
+
+ size = sess->session_id_length;
+ if (size > MAX_SESSION_SIZE) size = MAX_SESSION_SIZE;
+
+ fr_bin2hex(sess->session_id, buffer, size);
+
+ DEBUG2(" SSL: Removing session %s from the cache", buffer);
+ SSL_SESSION_free(sess);
+
+ return;
+}
+
+static int cbtls_new_session(UNUSED SSL *s, SSL_SESSION *sess)
+{
+ size_t size;
+ char buffer[2 * MAX_SESSION_SIZE + 1];
+
+ size = sess->session_id_length;
+ if (size > MAX_SESSION_SIZE) size = MAX_SESSION_SIZE;
+
+ fr_bin2hex(sess->session_id, buffer, size);
+
+ DEBUG2(" SSL: adding session %s to cache", buffer);
+
+ return 1;
+}
+
+static SSL_SESSION *cbtls_get_session(UNUSED SSL *s,
+ unsigned char *data, int len,
+ UNUSED int *copy)
+{
+ size_t size;
+ char buffer[2 * MAX_SESSION_SIZE + 1];
+
+ size = len;
+ if (size > MAX_SESSION_SIZE) size = MAX_SESSION_SIZE;
+
+ fr_bin2hex(data, buffer, size);
+
+ DEBUG2(" SSL: Client requested nonexistent cached session %s",
+ buffer);
+
+ return NULL;
+}
+
+/*
+ * For creating certificate attributes.
+ */
+static const char *cert_attr_names[5][2] = {
+ { "TLS-Client-Cert-Serial", "TLS-Cert-Serial" },
+ { "TLS-Client-Cert-Expiration", "TLS-Cert-Expiration" },
+ { "TLS-Client-Cert-Subject", "TLS-Cert-Subject" },
+ { "TLS-Client-Cert-Issuer", "TLS-Cert-Issuer" },
+ { "TLS-Client-Cert-Common-Name", "TLS-Cert-Common-Name" }
+};
+
+#define EAPTLS_SERIAL (0)
+#define EAPTLS_EXPIRATION (1)
+#define EAPTLS_SUBJECT (2)
+#define EAPTLS_ISSUER (3)
+#define EAPTLS_CN (4)
+
+/*