Porting rlm_eap_tls to GnuTLS - eaptls_handle_idx only needed for session caching?

Carolin Latze carolin.latze at unifr.ch
Fri May 8 14:32:08 CEST 2009

Hi everybody,

I am examining the rlm_eap_tls source code in order to replace the 
OpenSSL calls with GnuTLS calls. That seems to work pretty straight 
forward, but I found some lines of code, where I am not sure, whether I 
understood them right or not:

   *    Register the application indices.  We can't use
   *    hard-coded "0" and "1" as before, because we need to
   *    set up a "free" handler for the cached session
   *    information.
  if (eaptls_handle_idx < 0) {
    eaptls_handle_idx = SSL_get_ex_new_index(0, "eaptls_handle_idx",
                              NULL, NULL, NULL);
  if (eaptls_conf_idx < 0) {
    eaptls_conf_idx = SSL_get_ex_new_index(0, "eaptls_conf_idx",
                       NULL, NULL, NULL);
  if (eaptls_session_idx < 0) {
    eaptls_session_idx = SSL_get_ex_new_index(0, "eaptls_session_idx",
                          NULL, NULL,

I would say, these lines are needed in order to implement session 
caching. Is that right? If yes, I would delete them first in order to 
get a simple setup for the first test and replace them later.


More information about the Freeradius-Devel mailing list