| Description: disable session caching in the server (as opposed to in the |
| config, which would be way harder to get right) to address |
| https://security-tracker.debian.org/tracker/CVE-2017-9148 |
| Author: Michael Stapelberg <stapelberg@debian.org> |
| Forwarded: not-needed |
| Last-Update: 2020-04-28 |
| |
| --- |
| |
| --- a/src/main/tls.c |
| +++ b/src/main/tls.c |
| @@ -675,7 +675,7 @@ tls_session_t *tls_new_session(TALLOC_CT |
| state->mtu = vp->vp_integer; |
| } |
| |
| - if (conf->session_cache_enable) state->allow_session_resumption = true; /* otherwise it's false */ |
| + if (/*conf->session_cache_enable*/0) state->allow_session_resumption = true; /* otherwise it's false */ |
| |
| return state; |
| } |
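Review bot: Replacing the condition with a literal `0` here, and again in the three later hunks (both `post_ca:` blocks and `tls_server_conf_parse`), leaves four call sites that must each stay patched. A new upstream use of `conf->session_cache_enable`, or a hunk lost during a patch refresh, would quietly re-enable resumption on that path. Clearing the flag once after the configuration has been parsed, e.g. `conf->session_cache_enable = false; /* forced off, CVE-2017-9148 */`, would leave the original conditions untouched and give one place to audit, assuming every reader of the flag runs after that point. If the per-site edit stays, the trailing comment `/* otherwise it's false */` now describes a branch that can never run and would read better as `/* resumption disabled for CVE-2017-9148; always false */`. The body of `tls_new_session` begins outside the hunk.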
| @@ -3332,7 +3332,7 @@ post_ca: |
| /* |
| * Callbacks, etc. for session resumption. |
| */ |
| - if (conf->session_cache_enable) { |
| + if (/*conf->session_cache_enable*/0) { |
| /* |
| * Cache sessions on disk if requested. |
| */ |
| @@ -3402,7 +3402,7 @@ post_ca: |
| /* |
| * Setup session caching |
| */ |
| - if (conf->session_cache_enable) { |
| + if (/*conf->session_cache_enable*/0) { |
| /* |
| * Create a unique context Id per EAP-TLS configuration. |
| */ |
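Review bot: Skipping this block only closes the issue if the path taken instead switches OpenSSL's own session handling off, and that path is not visible in the hunk. OpenSSL enables the server-side session cache by default on a new context. It is worth confirming that the code following this `if` still calls `SSL_CTX_set_session_cache_mode()` with `SSL_SESS_CACHE_OFF`, and that session tickets are disabled (`SSL_OP_NO_TICKET`), when the condition is false. A comment at the condition such as `/* always disabled, see CVE-2017-9148; the else path must keep the OpenSSL cache off */` would record that dependency. The enclosing function begins and ends outside the hunk.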
| @@ -3571,7 +3571,7 @@ fr_tls_server_conf_t *tls_server_conf_pa |
| goto error; |
| } |
| |
| - if (conf->session_cache_enable) { |
| + if (/*conf->session_cache_enable*/0) { |
| CONF_SECTION *subcs; |
| CONF_ITEM *ci; |
| |
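Review bot: With the condition hard-wired to `0`, an operator whose configuration still enables the session cache gets no indication that the setting is ignored, because the block that declares `subcs` and `ci` is skipped without a message. Keeping a test on the real flag for a single diagnostic would make the behaviour visible in the server log, for example `if (conf->session_cache_enable) WARN("tls: session cache is disabled in this build (CVE-2017-9148), ignoring cache settings");`, using whichever warning macro this file already relies on. The rest of `tls_server_conf_parse` lies outside the hunk, so the exact placement needs checking against the full function.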