Force update of TLS cache
Jonathan Gazeley
Jonathan.Gazeley at bristol.ac.uk
Mon Feb 29 16:59:16 CET 2016
On 29/02/16 15:22, Alan DeKok wrote:
> On Feb 29, 2016, at 10:09 AM, Jonathan Gazeley <Jonathan.Gazeley at bristol.ac.uk> wrote:
>> cache cache_tls_session {
>> driver = "rlm_cache_rbtree"
>> key = &TLS-Session-Id
>
> Which is the *outer* TLS-Session-Id.
Thanks - hadn't realised this.
>
> i.e. you can't use the module inside of the TLS tunnel, because the TLS-Session-Id doesn't exist. That's why the module is failing.
>
> So... you've got to copy it:
>
I added code as you suggested. It seems to be unable to copy the
TLS-Session-Id attribute. The following was executed in the inner post-auth
section, but it also choked with the same result when executed in the
inner authorize section.
(8) update request {
(8) TLS-Session-Id skipped: No values available
(8) } # update request (noop)
(8) cache_tls_session (fail)
Any suggestions?
Thanks,
Jonathan