VALUE EAP-Type NAK 3
VALUE EAP-Type MD5-Challenge 4
VALUE EAP-Type MD5 4
+VALUE EAP-Type EAP-MD5 4
VALUE EAP-Type One-Time-Password 5
VALUE EAP-Type OTP 5
VALUE EAP-Type Generic-Token-Card 6
VALUE EAP-Type GTC 6
+VALUE EAP-Type EAP-GTC 6
VALUE EAP-Type RSA-Public-Key 9
VALUE EAP-Type DSS-Unilateral 10
VALUE EAP-Type KEA 11
VALUE EAP-Type KEA-Validate 12
VALUE EAP-Type TLS 13
+VALUE EAP-Type EAP-TLS 13
VALUE EAP-Type Defender-Token 14
VALUE EAP-Type RSA-SecurID-EAP 15
VALUE EAP-Type Arcot-Systems-EAP 16
VALUE EAP-Type LEAP 17
VALUE EAP-Type Nokia-IP-Smart-Card 18
VALUE EAP-Type SIM 18
+VALUE EAP-Type EAP-SIM 18
VALUE EAP-Type SRP-SHA1 19
# 20 is unassigned
VALUE EAP-Type TTLS 21
+VALUE EAP-Type EAP-TTLS 21
VALUE EAP-Type Remote-Access-Service 22
VALUE EAP-Type AKA 23
+VALUE EAP-Type EAP-AKA 23
VALUE EAP-Type 3Com-Wireless 24
VALUE EAP-Type PEAP 25
VALUE EAP-Type Microsoft-MS-CHAPv2 26
# And this is what most people mean by MS-CHAPv2
#
VALUE EAP-Type MSCHAPv2 26
+VALUE EAP-Type EAP-MSCHAPv2 26
#
# This says TLS, but it's only valid for TTLS & PEAP.
tls_session_t *tls_new_client_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, int fd);
fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs);
fr_tls_server_conf_t *tls_client_conf_parse(CONF_SECTION *cs);
+fr_tls_server_conf_t *tls_server_conf_alloc(TALLOC_CTX *ctx);
SSL_CTX *tls_init_ctx(fr_tls_server_conf_t *conf, int client);
int tls_handshake_recv(REQUEST *, tls_session_t *ssn);
int tls_handshake_send(REQUEST *, tls_session_t *ssn);
}
this->next = NULL;
- this->when = now + 60;
+ this->when = now + 300;
this->pool = pool;
pthread_mutex_unlock(&pool_free_mutex);
}
return 0;
}
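Review bot: The expiry in `this->when = now + 300;` is a bare literal that has to stay in step with the "less than 300s" assumption in the comment added beside `hs->limit.idle_timeout = 5` in the home-server setup hunk, and nothing ties the two together. Define it once, for example `#define POOL_FREE_DELAY 300 /* seconds a replaced pool is kept before release */` (the name is only a suggestion), and use it here as `this->when = now + POOL_FREE_DELAY;`. Judging by the field names, this delay looks like the time a replaced pool and the TLS material it owns stay allocated, so the move from 60 to 300 deserves a short why-comment on this line. The enclosing function starts outside the hunk.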
-static fr_tls_server_conf_t *tls_server_conf_alloc(TALLOC_CTX *ctx)
+fr_tls_server_conf_t *tls_server_conf_alloc(TALLOC_CTX *ctx)
{
fr_tls_server_conf_t *conf;
char *hexbuf = NULL;
DH *aaa_server_dh;
- tls = talloc_zero( hs, fr_tls_server_conf_t);
+ tls = fr_tls_server_conf_alloc(hs);
if (!tls) return NULL;
aaa_server_dh = tid_srvr_get_dh(server);
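Review bot: The new call `tls = fr_tls_server_conf_alloc(hs);` does not match the function this commit exports, which is declared in the header hunk and defined in the TLS source hunk as `tls_server_conf_alloc`. Unless an `fr_`-prefixed function exists elsewhere in the tree, this fails to link, or, where implicit declarations are tolerated, the result is treated as `int` and the pointer is truncated on 64-bit builds. The line should read `tls = tls_server_conf_alloc(hs);`. Because the old code was a plain `talloc_zero`, it is also worth confirming that the allocator sets no field that this caller relied on being zero. The enclosing function starts and ends outside the hunk.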
hs->secret = talloc_strdup(hs, "radsec");
hs->response_window.tv_sec = 30;
hs->last_packet_recv = time(NULL);
-
+ /*
+ * We want sockets using these servers to close as soon as possible,
+ * to make sure that whenever a pool is replaced, sockets using old ones
+ * will not last long (hopefully less than 300s).
+ */
+ hs->limit.idle_timeout = 5;
hs->tls = construct_tls(inst, hs, blk);
if (!hs->tls) goto error;
}
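Review bot: `hs->limit.idle_timeout = 5;` only closes sockets that go idle, so a connection that keeps carrying traffic is not bounded by it and can outlive the 300 s the comment hopes for. If the replaced pool is released after that delay while such a socket still references `hs->tls`, the socket would be using freed TLS configuration; I cannot see the release path from this hunk, so that needs checking. If a hard bound is intended, add one next to this line, e.g. `hs->limit.lifetime = 300;` (assuming the limit struct in this tree has a lifetime field), and reword the comment to name the setting that enforces the bound instead of "hopefully". The enclosing function starts and ends outside the hunk.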
/*
- * This server has received a packet in the last
- * 5 minutes. It doesn't need an update.
- */
- if ((now - server->last_packet_recv) < 300) {
- return false;
- }
-
- /*
* If we've opened in the last 10 minutes, then
* open rather than update.
*/
conn->row = NULL;
SQLFreeStmt(conn->stmt, SQL_DROP);
+ conn->stmt = NULL;
return 0;
}