b.liu | e958203 | 2025-04-17 19:18:16 +0800 | 1 | Description: disable session caching in the server (as opposed to in the |
| 2 | config, which would be way harder to get right) to address |
| 3 | https://security-tracker.debian.org/tracker/CVE-2017-9148 |
| 4 | Author: Michael Stapelberg <stapelberg@debian.org> |
| 5 | Forwarded: not-needed |
| 6 | Last-Update: 2020-04-28 |
| 7 | |
| 8 | --- |
| 9 | |
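--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -675,7 +675,7 @@ tls_session_t *tls_new_session(TALLOC_CT
 state->mtu = vp->vp_integer;
 }
 
- if (conf->session_cache_enable) state->allow_session_resumption = true; /* otherwise it's false */
+ if (/*conf->session_cache_enable*/0) state->allow_session_resumption = true; /* otherwise it's false */
 
 return state;
 }
@@ -3332,7 +3332,7 @@ post_ca:
 /*
 * Callbacks, etc. for session resumption.
 */
- if (conf->session_cache_enable) {
+ if (/*conf->session_cache_enable*/0) {
 /*
 * Cache sessions on disk if requested.
 */
@@ -3402,7 +3402,7 @@ post_ca:
 /*
 * Setup session caching
 */
- if (conf->session_cache_enable) {
+ if (/*conf->session_cache_enable*/0) {
 /*
 * Create a unique context Id per EAP-TLS configuration.
 */
@@ -3571,7 +3571,7 @@ fr_tls_server_conf_t *tls_server_conf_pa
 goto error;
 }
 
- if (conf->session_cache_enable) {
+ if (/*conf->session_cache_enable*/0) {
 CONF_SECTION *subcs;
 CONF_ITEM *ci;
 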
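Review bot: The four `if (/*conf->session_cache_enable*/0)` guards leave `conf->session_cache_enable` holding whatever the administrator configured, so an operator who enabled the cache gets no sign that resumption is off. Any reader of the field outside these hunks would also still see it as enabled. Clearing it once keeps the CVE-2017-9148 mitigation in one auditable place: log a warning and set `conf->session_cache_enable = false;` right after the TLS section is parsed and before the context is initialised (that ordering lies outside the visible hunks and needs checking). It is also worth confirming that the path taken when the block at `@@ -3402` is skipped explicitly turns the OpenSSL session cache off, since OpenSSL's default context mode is server-side caching. All four enclosing functions start and end outside the hunks shown.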