Force update of TLS cache

Jonathan Gazeley Jonathan.Gazeley at
Mon Feb 29 16:59:16 CET 2016

On 29/02/16 15:22, Alan DeKok wrote:
> On Feb 29, 2016, at 10:09 AM, Jonathan Gazeley <Jonathan.Gazeley at> wrote:
>> cache cache_tls_session {
>>   driver = "rlm_cache_rbtree"
>>   key = &TLS-Session-Id
>    Which is the *outer* TLS-Sesson-Id.

Thanks - hadn't realised this.
>    i.e. you can't use the module inside of the TLS tunnel, because the TLS-Session-Id doesn't exist.  That's why the module is failing.
>    So... you've got to copy it:

I added code as you suggested. It seems to be unable to copy the 
TLS-Session-Id attribute. The following was executed in inner post-auth 
section, but also choked with the same result when being executed in the 
inner authorize section.

(8)        update request {
(8)          TLS-Session-Id skipped: No values available
(8)        } # update request (noop)
(8)        cache_tls_session (fail)

Any suggestions?


More information about the Freeradius-Users mailing list