On 27.02.2018 18:05, Christian Kratzer wrote:
> we need to store something between individual sessions with TLS session resumption.
See goodies/eaptls_resume_post_auth_hook.pl for an example of how it should be done with current versions. The data to store over resumed authentications is now kept separate from the EAPContext that can be accessed from $p.
In other words, an EAPContext is only alive during one EAP authentication exchange. When a new session is created, a separate store is created and associated with an EAP context. When this authentication is finished, the EAP context is discarded but the separate store remains. When the session is resumed, the separate store is retrieved and associated with an EAP context created anew for this authentication.
The hook shows how to use an API to store and retrieve information from the session's separate store. You can use it to store values with a key and then later retrieve them with the same key.
> But the auth.hook cannot access issuer and policy in the EAPContext and later authorization fails because they are missing.
Correct. This EAP context is not the same as the context in the first authentication. The separate store means a bit more work, but a good thing is that there's now an API for this.
> The question is how can we store the two strings extracted in EAPTLS_CertificateVerifyHook on first connect so they are available for use on session resumption.
The hook in question should answer this. Please let us know how it goes.
Thanks,
Heikki

-- 
Heikki Vatiainen
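
An added illustration, not part of the message above and not Radiator's API or the goodies hook: a Python model of the lifecycle Heikki describes, where the EAP context lives for one exchange and a separate per-session store carries the certificate-derived issuer and policy into a resumed authentication. `SessionStore`, `authenticate`, the TTL and the policy table are hypothetical names and constructed values.

```python
import time

class SessionStore:
    """Model of the per-TLS-session store that outlives each EAP context."""
    def __init__(self, ttl=3600):            # ttl is an assumption of this model
        self.ttl, self._data = ttl, {}

    def put(self, session_id, key, value, now=None):
        now = time.time() if now is None else now
        entry = self._data.setdefault(session_id, {"created": now, "kv": {}})
        entry["kv"][key] = value

    def get(self, session_id, key, now=None):
        now = time.time() if now is None else now
        entry = self._data.get(session_id)
        if entry is None or now - entry["created"] > self.ttl:
            self._data.pop(session_id, None)  # unknown or expired session
            return None
        return entry["kv"].get(key)

# Constructed authorization table: (issuer, policy) pairs that are allowed.
ALLOWED = {("CN=Example Issuing CA", "1.2.3.4.5")}

def authenticate(store, session_id, cert=None, now=None):
    """One EAP-TLS exchange; cert is supplied only on a full handshake."""
    context = {}                     # fresh EAP context, discarded on return
    if cert is not None:
        # Full handshake: the certificate is verified and its attributes are
        # copied into the separate store as well as the context.
        context["issuer"], context["policy"] = cert["issuer"], cert["policy"]
        store.put(session_id, "issuer", cert["issuer"], now)
        store.put(session_id, "policy", cert["policy"], now)
    else:
        # Resumption: no certificate is presented, so the attributes can
        # only come from the store, looked up with the same keys.
        context["issuer"] = store.get(session_id, "issuer", now)
        context["policy"] = store.get(session_id, "policy", now)
    # Authorization fails closed when either attribute is missing.
    if (context["issuer"], context["policy"]) in ALLOWED:
        return "accept"
    return "reject"
```

A resumed session whose store entry is missing or expired is rejected rather than authorized with empty attributes, which is the failure Christian reports when the values are kept only in the EAP context.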
