On Apr 13, 2016, at 12:15 PM, Anirudh Malhotra <8zero2ops@gmail.com> wrote:
Hi Arran,
Thanks for your reply. I posted a question earlier http://lists.freeradius.org/pipermail/freeradius-users/2016-April/083081.htm...
I am facing some issue in session resumption can you please look at that question else i will have go through the source code which i am not good at :p
If you move to v3.1.x i'd be happy to help you :) I don't believe the v3.0.x code associates the &session-state: list with the actual SSL_SESSION struct, and i'm also pretty sure we don't expose the session ID as an attribute, meaning there's no proper way to bind cache entries to SSL sessions. In v3.1.x you can cache the session-state list, the TLS session resumption blob, and the certificate attributes all together in the same entry. It lets you write much saner configurations. The idea is that you can populate the session-state list with any autz data from LDAP or SQL, and have the contents of that list persist across all resumptions of that session. We're not creating new sessions when a session is resumed, so it seems appropriate that session-state should persist. -Arran