[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: Force update of TLS cache
From: Alan DeKok <aland () deployingradius ! com>
Date: 2016-02-29 16:30:41
Message-ID: EC2AC635-0A5C-42F8-A10F-D0BF65F39E98 () deployingradius ! com
[Download RAW message or body]
On Feb 29, 2016, at 11:26 AM, Jonathan Gazeley <Jonathan.Gazeley@bristol.ac.uk> \
wrote:
> The debug log shows that TLS-Session-Id is created in packet 4, in the outer \
> authorize section.
OK, so it should be available in the request.
You may have to copy it to session-state, so it's available in later packets.
> And it does this:
>
> (6) update request {
> (6) TLS-Session-Id skipped: No values available
> (6) } # update request (noop)
>
> I don't understand why the attribute is not available later on in the same session.
Because it's not being added to the session-state attributes. Again, "request" is \
PER PACKET. "session-state" is for the SESSION.
Adding something to the request in packet 4 means ti's not available in the request \
in packet 6. That's what the session-state is for.
The default config should probably add TLS-Session-Id to session-state. I'll take \
a look. But for you, you'll have to do it manually.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic