3.0.x: persistent TLS session cache

Alan DeKok aland at deployingradius.com
Mon Feb 3 16:23:19 CET 2014


Stefan Winter wrote:
> 9b8b9b86357428cced36cd4aac564d9b17a6258cd84cf070b38a974eb563f62c to cache
>   SSL: could not open session file
> %{logdir}/tlscache-eduroam-users/9b8b9b86357428cced36cd4aac564d9b17a6258cd84cf070b38a974eb563f62c.asn1:

  That filename isn't dynamically expanded.  You need to use ${logdir}

> Well, I used %{logdir} in my persist_dir setting in the config alright,

  It's probably wrong.

> but... looking at the code, this debug message prints exactly what's
> being used for the open() call - so %{logdir} should have been expanded
> to the literal path, right?
> 
> Is there some xlat() missing here?

  Maybe.

  You also need to separate *configuration* variables from *request*
variables.  The configuration variables are static, and read from the
config files.  They're ${foo}.  The request variables are dynamic, and
change with every request.  They're all %{foo}

  %{logdir} is wrong.  It's interpreted as a request attribute.  But the
'logdir' attribute doesn't exist, so it expands to nothing.

  %{User-Name} is very different from ${logdir}.

  Alan DeKok.


More information about the Freeradius-Devel mailing list