#
cache {
#
- # Enable it. The default is "no".
- # Deleting the entire "cache" subsection
- # also disables caching.
+ # Enable it. The default is "no". Deleting the entire "cache"
+ # subsection also disables caching.
#
- # You can disallow resumption for a
- # particular user by adding the following
- # attribute to the control item list:
+ # You can disallow resumption for a particular user by adding the
+ # following attribute to the control item list:
#
- # Allow-Session-Resumption = No
+ # Allow-Session-Resumption = No
#
- # If "enable = no" below, you CANNOT
- # enable resumption for just one user
- # by setting the above attribute to "yes".
+ # If "enable = no" below, you CANNOT enable resumption for just one
+ # user by setting the above attribute to "yes".
#
enable = yes
#
- # Lifetime of the cached entries, in hours.
- # The sessions will be deleted after this
- # time.
+ # Internal "name" of the session cache. Used to distinguish which
+ # TLS context sessions belong to.
+ #
+ # The server will generate a random value if unset. This will change
+ # across server restart so you MUST set the "name" if you want to
+ # persist sessions (see below).
+ #
+# name = "EAP module"
+
+ #
+ # Lifetime of the cached entries, in hours. The sessions will be
+ # deleted/invalidated after this time.
#
lifetime = 24 # hours
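Review bot: The new `name` commentary on L30–L35 should say that the value is the TLS session ID context and therefore must be unique per EAP-TLS configuration, not merely stable across restarts; the comment itself says it distinguishes which TLS context sessions belong to, so two configurations sharing a name (e.g. with different CA or verify settings) would treat each other's cached sessions as resumable. Suggested addition under the existing text: `# Each TLS configuration MUST use a different name. Sessions are matched by this name, so reusing one across configurations lets a session established under one be resumed under another.` The phrase "generate a random value" is also loose: the tls.c change in this same commit formats the address of the configuration structure (`"FR eap %p"`), which is unpredictable but not random, so `# If unset, the server derives a value from the configuration's address, which changes on every restart.` would be more accurate.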
#include <ctype.h>
#ifdef WITH_TLS
-#ifdef HAVE_OPENSSL_RAND_H
-#include <openssl/rand.h>
-#endif
+# ifdef HAVE_OPENSSL_RAND_H
+# include <openssl/rand.h>
+# endif
-#ifdef HAVE_OPENSSL_OCSP_H
-#include <openssl/ocsp.h>
-#endif
+# ifdef HAVE_OPENSSL_OCSP_H
+# include <openssl/ocsp.h>
+# endif
+
+# ifdef HAVE_OPENSSL_EVP_H
+# include <openssl/evp.h>
+# endif
+# include <openssl/ssl.h>
#ifdef ENABLE_OPENSSL_VERSION_CHECK
typedef struct libssl_defect {
static CONF_PARSER cache_config[] = {
{ "enable", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, session_cache_enable), "no" },
+
{ "lifetime", FR_CONF_OFFSET(PW_TYPE_INTEGER, fr_tls_server_conf_t, session_timeout), "24" },
- { "max_entries", FR_CONF_OFFSET(PW_TYPE_INTEGER, fr_tls_server_conf_t, session_cache_size), "255" },
{ "name", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, session_id_name), NULL },
+
+ { "max_entries", FR_CONF_OFFSET(PW_TYPE_INTEGER, fr_tls_server_conf_t, session_cache_size), "255" },
{ "persist_dir", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, session_cache_path), NULL },
{ NULL, -1, 0, NULL, NULL } /* end the list */
};
/*
* Create SSL context
*
- * - Load the trusted CAs
- * - Load the Private key & the certificate
- * - Set the Context options & Verify options
+/** Create SSL context
+ *
+ * - Load the trusted CAs
+ * - Load the Private key & the certificate
+ * - Set the Context options & Verify options
*/
SSL_CTX *tls_init_ctx(fr_tls_server_conf_t *conf, int client)
{
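Review bot: As rendered, the old `/*` opener and ` * Create SSL context` on L76–L77 survive as context while the new `/** Create SSL context` is added on L82, which leaves the Doxygen opener as plain text inside an ordinary comment and the header duplicated; if those lines were meant to go, they need `-` markers (this may be an artefact of how the diff was rendered, so worth checking in the actual patch). The new header also documents neither parameter nor the return value: add `@param conf TLS configuration the context is built from.`, `@param client Presumably non-zero when building a client-side context — confirm against the body.` and `@return The new SSL_CTX, or NULL on failure (presumably, given the SSL_CTX * return type).`. The body of tls_init_ctx lies outside this hunk.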
* Create a unique context Id per EAP-TLS configuration.
*/
if (conf->session_id_name) {
- snprintf(conf->session_context_id,
- sizeof(conf->session_context_id),
- "FR eap %s",
- conf->session_id_name);
+ snprintf(conf->session_context_id, sizeof(conf->session_context_id),
+ "FR eap %s", conf->session_id_name);
} else {
- snprintf(conf->session_context_id,
- sizeof(conf->session_context_id),
+ snprintf(conf->session_context_id, sizeof(conf->session_context_id),
"FR eap %p", conf);
}
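Review bot: Both snprintf calls on L97 and L102 discard their return value, so a configured `name` longer than the remaining space in `conf->session_context_id` is silently truncated, and OpenSSL additionally caps a session ID context at SSL_MAX_SID_CTX_LENGTH (32 bytes); two configurations whose names agree in their leading characters would then end up with the same context and could resume each other's sessions, defeating the uniqueness stated on L90. Capture the length and refuse over-long names, e.g. `int len = snprintf(conf->session_context_id, sizeof(conf->session_context_id), "FR eap %s", conf->session_id_name);` followed by `if (len < 0 || (size_t)len >= sizeof(conf->session_context_id)) return NULL;` (assuming NULL is this function's error return, as its SSL_CTX * type suggests), or bound `session_id_name` where the cache section is parsed. The `%p` fallback on L103 ties the id to the address of `conf`, which differs per process; that is adequate for an in-memory cache only, which matches the config comment's warning that `name` must be set for persisted sessions. tls_init_ctx continues outside this hunk.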