3.0.x: persistent TLS session cache

Stefan Winter stefan.winter at restena.lu
Mon Feb 3 15:04:10 CET 2014


now on 3.0.x to follow the die on exit code fixes... and found something

I've configured TLS session caches in mods-enabled/eap. The directory to
cache sessions in exists, and with the user radiusd on the shell I can
touch files in that directory. And yet:

(3) eap_peap :     TLS_accept: SSLv3 write finished A
(3) eap_peap :     TLS_accept: SSLv3 flush data
  SSL: adding session
9b8b9b86357428cced36cd4aac564d9b17a6258cd84cf070b38a974eb563f62c to cache
  SSL: could not open session file

(3) eap_peap :     (other): SSL negotiation finished successfully
SSL Connection Established

Well, I used %{logdir} in my persist_dir setting in the config alright,
but... looking at the code, this debug message prints exactly what's
being used for the open() call - so %{logdir} should have been expanded
to the literal path, right?

Is there some xlat() missing here?


Stefan Winter

Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x8A39DC66.asc
Type: application/pgp-keys
Size: 3243 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20140203/9e8585f5/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20140203/9e8585f5/attachment-0001.pgp>

More information about the Freeradius-Devel mailing list