

  1. Description: disable session caching in the server (as opposed to in the
  2. config, which would be way harder to get right) to address
  3. https://security-tracker.debian.org/tracker/CVE-2017-9148
  4. Author: Michael Stapelberg <stapelberg@debian.org>
  5. Forwarded: not-needed
  6. Last-Update: 2020-01-24
  7. ---
  8. --- a/src/main/tls.c
  9. +++ b/src/main/tls.c
  10. @@ -675,7 +675,7 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU
  11. state->mtu = vp->vp_integer;
  12. }
  13. - if (conf->session_cache_enable) state->allow_session_resumption = true; /* otherwise it's false */
  14. + if (/*conf->session_cache_enable*/0) state->allow_session_resumption = true; /* otherwise it's false */
  15. return state;
  16. }
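Review bot: The new condition `if (/*conf->session_cache_enable*/0)` silently ignores an administrator's `session_cache_enable` setting, and the same pattern recurs in the hunks at @@ -3292, @@ -3362 and @@ -3531; nothing on the page shows the option being rejected or warned about, so a deployment that enables caching gets neither resumption nor a diagnostic. Rather than leaving the dead expression inside the condition, I would state the intent at each site, e.g. `/* Session resumption is forced off in this build (CVE-2017-9148); conf->session_cache_enable is parsed but ignored. */` above `if (0) state->allow_session_resumption = true;`. If the parser in tls_server_conf_parse is touched as well, a one-line warning when the option is set would make the override visible in the logs; that hunk's body runs past the end of the page, so I have not seen its full context. tls_new_session begins before this hunk.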
  17. @@ -3292,7 +3292,7 @@ post_ca:
  18. /*
  19. * Callbacks, etc. for session resumption.
  20. */
  21. - if (conf->session_cache_enable) {
  22. + if (/*conf->session_cache_enable*/0) {
  23. /*
  24. * Cache sessions on disk if requested.
  25. */
  26. @@ -3362,7 +3362,7 @@ post_ca:
  27. /*
  28. * Setup session caching
  29. */
  30. - if (conf->session_cache_enable) {
  31. + if (/*conf->session_cache_enable*/0) {
  32. /*
  33. * Create a unique context Id per EAP-TLS configuration.
  34. */
  35. @@ -3531,7 +3531,7 @@ fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs)
  36. goto error;
  37. }
  38. - if (conf->session_cache_enable) {
  39. + if (/*conf->session_cache_enable*/0) {
  40. CONF_SECTION *subcs;
  41. CONF_ITEM *ci;