
List:       freeradius-users
Subject:    Re: Force update of TLS cache
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2016-02-29 16:30:41
Message-ID: EC2AC635-0A5C-42F8-A10F-D0BF65F39E98 () deployingradius ! com

On Feb 29, 2016, at 11:26 AM, Jonathan Gazeley <Jonathan.Gazeley@bristol.ac.uk> wrote:
> The debug log shows that TLS-Session-Id is created in packet 4, in the outer authorize section.

  OK, so it should be available in the request.

  You may have to copy it to session-state, so it's available in later packets.  

> And it does this:
> 
> (6)        update request {
> (6)          TLS-Session-Id skipped: No values available
> (6)        } # update request (noop)
> 
> I don't understand why the attribute is not available later on in the same session.

  Because it's not being added to the session-state attributes.  Again, "request" is PER PACKET.  "session-state" is for the SESSION.

  Adding something to the request in packet 4 means it's not available in the request in packet 6.  That's what the session-state is for.

  The default config should probably add TLS-Session-Id to session-state.  I'll take a look.  But for you, you'll have to do it manually.

  Alan DeKok.
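
The manual copy described in the message above, as an added example that is not part of the original post or of the FreeRADIUS default configuration. It assumes FreeRADIUS 3.0.x unlang syntax and that the first fragment is placed in the outer authorize section after the point where TLS-Session-Id is created; the placement of the second fragment is also an assumption.

```unlang
# Fragment 1: the packet where TLS-Session-Id exists in the request
# (packet 4 in the debug log above).
# Assumption: placed in the outer "authorize" section, after the point
# where the attribute is created.
# "request" is per packet, so save a copy in "session-state", which
# lasts for the whole session.
if (&request:TLS-Session-Id) {
    update session-state {
        &TLS-Session-Id := &request:TLS-Session-Id
    }
}

# Fragment 2: any later packet of the same session
# (packet 6 in the debug log above).
# The request list is new for each packet, so the attribute is absent
# there. Read the saved copy from session-state instead; the "if" guard
# avoids the "skipped: No values available" no-op when nothing was saved.
if (&session-state:TLS-Session-Id) {
    update request {
        &TLS-Session-Id := &session-state:TLS-Session-Id
    }
}
```

Running the server with `radiusd -X` shows whether each `update` block copied a value or was skipped.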

