* user.
*/
if ((!tls_session->allow_session_resumption) ||
- (((vp = pairfind(request->config_items, 1127)) != NULL) &&
+ (((vp = pairfind(request->config_items, 1127, 0)) != NULL) &&
(vp->vp_integer == 0))) {
SSL_CTX_remove_session(tls_session->ctx,
tls_session->ssl->session);
} else if (!SSL_session_reused(tls_session->ssl)) {
RDEBUG2("Saving response in the cache");
- vp = paircopy2(request->reply->vps, PW_USER_NAME);
+ vp = paircopy2(request->reply->vps, PW_USER_NAME, 0);
pairadd(&vps, vp);
- vp = paircopy2(request->packet->vps, PW_STRIPPED_USER_NAME);
+ vp = paircopy2(request->packet->vps, PW_STRIPPED_USER_NAME, 0);
pairadd(&vps, vp);
if (vps) {
SSL_SESSION_set_ex_data(tls_session->ssl->session,
eaptls_session_idx, vps);
+ } else {
+ RDEBUG2("WARNING: No information to cache: session caching will be disabled for this session.");
+ SSL_CTX_remove_session(tls_session->ctx,
+ tls_session->ssl->session);
}
/*
eaptls_session_idx);
if (!vp) {
RDEBUG("WARNING: No information in cached session!");
+ return eaptls_fail(handler, peap_flag);
+ } else {
+ RDEBUG("Adding cached attributes to the reply:");
+ debug_pair_list(vp);
+ pairadd(&request->reply->vps, paircopy(vp));
+
/*
- * FIXME: Call eaptls_fail, and return 0
+ * Mark the request as resumed.
*/
- return 1;
+ vp = pairmake("EAP-Session-Resumed", "1", T_OP_SET);
+ if (vp) pairadd(&request->packet->vps, vp);
}
-
- RDEBUG("Adding cached attributes to the reply:");
- debug_pair_list(vp);
- pairadd(&request->reply->vps, paircopy(vp));
}
/*
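Review bot: In the new `else` branch the result of `paircopy(vp)` is passed straight to `pairadd(&request->reply->vps, ...)` with no check, so if the copy can fail and return NULL, the session is still marked as resumed while the reply carries none of the cached attributes. That is the same state the `!vp` branch now rejects with `eaptls_fail`. I would copy first and fail closed: `VALUE_PAIR *cached = paircopy(vp);` followed by `if (!cached) return eaptls_fail(handler, peap_flag);`. Similarly, `if (vp) pairadd(&request->packet->vps, vp);` silently ignores a failed `pairmake("EAP-Session-Resumed", ...)`, so any policy keyed on that attribute would not see the resumption; a debug message on that path would make it visible. The enclosing function starts and ends outside this hunk.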
eaptls_gen_mppe_keys(&handler->request->reply->vps,
tls_session->ssl, tls_session->prf_label);
} else {
- REQUEST *request = handler->request;
-
RDEBUG("WARNING: Not adding MPPE keys because there is no PRF label");
}
return EAPTLS_FAIL;
case handshake:
- if (tls_session->info.handshake_type == finished) {
+ if ((tls_session->info.handshake_type == finished) &&
+ (tls_session->dirty_out.used == 0)) {
RDEBUG2("ACK handshake is finished");
/*
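Review bot: The added condition `(tls_session->dirty_out.used == 0)` has no comment saying why a `finished` handshake type is no longer sufficient by itself. I would put `/* Only treat the handshake as finished once nothing is left queued in dirty_out. */` above the `if`. The path taken when output is still pending lies after this `if`, outside the hunk, so it is worth confirming that it sends the remaining data rather than falling into a failure return.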
RDEBUG2("Received EAP-TLS ACK message");
return eaptls_ack_handler(handler);
#else
- if (prev_eap_ds->request->id == eap_ds->response->id) {
+ if (prev_eap_ds &&
+ (prev_eap_ds->request->id == eap_ds->response->id)) {
/*
* Run the ACK handler directly from here.
*/
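Review bot: With the new `prev_eap_ds &&` guard, an ACK that arrives when there is no previous request just makes the condition false and is handled by whatever follows this `if`, which is outside the hunk. That state is driven by the peer, so it should be documented, for example `/* No previous request: the ACK is unsolicited, so the ACK handler is not run from here. */`. A debug message on that path would also help when diagnosing malformed or replayed exchanges. The guard covers `prev_eap_ds` only; `prev_eap_ds->request` and `eap_ds->response` are still dereferenced unchecked, which is fine only if both are always allocated by this point.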
* If more info
* is required then send another request.
*/
- if (!tls_handshake_recv(tls_session)) {
+ if (!tls_handshake_recv(handler->request, tls_session)) {
DEBUG2("TLS receive handshake failed during operation");
eaptls_fail(handler, tls_session->peap_flag);
return EAPTLS_FAIL;