Hi Heikki,

Thanks. The eaptls_resume_post_auth_hook.pl works perfectly in our setup.
We fetch certificate issuer and policy in the EAPTLS_CertificateVerifyHook and use the eaptls_resume_post_auth_hook.pl with very minor adjustments for our use case.

Greetings
Christian

--
Christian Kratzer                   CK Software GmbH
Email:   [email protected]       Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Managing Director: Christian Kratzer
Web:     http://www.cksoft.de/

> On 28. Feb 2018, at 20:56, Heikki Vatiainen <[email protected]> wrote:
>
> On 27.02.2018 18:05, Christian Kratzer wrote:
>
>> we need to store something between individual sessions with tls session
>> resumption.
>
> See goodies/eaptls_resume_post_auth_hook.pl for an example of how it should
> be done with current versions. The data to store over resumed authentications
> is now kept separate from the EAPContext that can be accessed from $p.
>
> In other words, an EAPContext is only alive during one EAP authentication
> exchange. When a new session is created, a separate store is created and
> associated with an EAP context. When this authentication is finished, EAP
> context is discarded but the separate store remains. When the session is
> resumed, the separate store is retrieved and associated with an EAP context
> created anew for this authentication.
>
> The hook shows how to use an API to store and retrieve information from the
> session's separate store. You can use it to store values with a key and then
> later retrieve them with the same key.
>
>> But the auth.hook cannot access issuer and policy in the EAPContext and
>> later authorization fails because they are missing.
>
> Correct. This EAP context is not the same as the context in the first
> authentication. The separate store means a bit more work, but a good thing is
> that there's now an API for this.
>
>> The question is how can we store the two strings extracted in
>> EAPTLS_CertificateVerifyHook on first connect so they are available for use
>> on session resumption.
>
> The hook in question should answer this. Please let us know how it goes.
>
> Thanks,
> Heikki
>
> --
> Heikki Vatiainen
> [email protected]
> _______________________________________________
> radiator mailing list
> [email protected]
> http://lists.open.com.au/mailman/listinfo/radiator
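A toy model of the lifecycle described in the quoted reply, added here as an illustration: it is not code from this thread, from goodies/eaptls_resume_post_auth_hook.pl, or Radiator's API. The function names, the `%session_store` hash and the sample certificate values are all hypothetical; it shows the per-exchange context being recreated on resumption while the separate store keeps the issuer and policy, and the authorization check failing closed when they are absent.

```perl
#!/usr/bin/perl
# Toy model only: NOT Radiator's API. Every name below is hypothetical.
use strict;
use warnings;

# Separate store: outlives each authentication, keyed by TLS session id.
my %session_store;

# Runs only on a full handshake, when the client certificate is presented.
sub certificate_verify_hook {
    my ($ctx, $cert) = @_;
    $ctx->{store}{issuer} = $cert->{issuer};
    $ctx->{store}{policy} = $cert->{policy};
}

# Runs after every authentication, full or resumed.
sub post_auth_hook {
    my ($ctx, $allowed_policy) = @_;
    my ($issuer, $policy) = @{ $ctx->{store} }{qw(issuer policy)};
    # Fail closed: no stored certificate data means no authorization.
    return 'REJECT' unless defined $issuer && defined $policy;
    return $policy eq $allowed_policy ? 'ACCEPT' : 'REJECT';
}

sub authenticate {
    my ($session_id, $cert, $allowed_policy) = @_;
    # A new per-exchange context is built each time and dropped on return;
    # only the store it points at persists between authentications.
    my $ctx = { store => ($session_store{$session_id} //= {}) };
    # On resumption no certificate is sent, so the verify hook never runs.
    certificate_verify_hook($ctx, $cert) if defined $cert;
    return post_auth_hook($ctx, $allowed_policy);
}

# Constructed sample data (issuer name and policy OID are made up).
my $oid  = '1.3.6.1.4.1.99999.1';
my $cert = { issuer => 'CN=Example Issuing CA', policy => $oid };

print "full handshake:    ", authenticate('sid-1', $cert, $oid), "\n";
print "resumed session:   ", authenticate('sid-1', undef, $oid), "\n";
print "no stored values:  ", authenticate('sid-2', undef, $oid), "\n";
```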
