
local.php.dist

    tls-cache 3.61 KiB
    ######################################################################
    #
    #  This virtual server controls caching of TLS sessions.
    #
    #  When a TLS session is used, the server will automatically create
    #  the following attributes in the session-state list.  These attributes
    #  are the ones for the *server* certificate.
    #
    #	       TLS-Cert-Serial
    #	       TLS-Cert-Expiration
    #	       TLS-Cert-Subject
    #	       TLS-Cert-Issuer
    #	       TLS-Cert-Common-Name
    #	       TLS-Cert-Subject-Alt-Name-Email
    #
    #  If a client certificate is required (e.g. EAP-TLS or sometimes PEAP / TTLS),
    #  the following attributes are also created in the session-state list:
    #
    #	       TLS-Client-Cert-Serial
    #	       TLS-Client-Cert-Expiration
    #	       TLS-Client-Cert-Subject
    #	       TLS-Client-Cert-Issuer
    #	       TLS-Client-Cert-Common-Name
    #	       TLS-Client-Cert-Subject-Alt-Name-Email
    #
    #
    #	$Id$
    #
    ######################################################################
    server tls-cache {
    
    #
    #  Only the "authorize" section is needed.
    #  Only the listed Autz-Types are used.
    #  Everything else in the virtual server is ignored.
    #
    #  The attribute &TLS-Session-Id is set to the identity
    #  of the session to read / write / delete from the cache.  This
    #  identity is an opaque blob.
    #
    authorize {
    
    	#
    	#  This section is run whenever the server needs to read an
    	#  entry from the TLS session cache.
    	#
    	#  It should read the attribute &session-state:TLS-Session-Data
    	#  from the cache, along with any other attributes which
    	#  were in the cache
    	#
    	#  On success it should return 'ok' or 'updated'.
    	#
    	#  The return code has no real effect on session processing
    	#  and will just cause the server to emit a warning.
    	#
    	#  Read path: look up an existing TLS session cache entry only.
    	#  Cache-Allow-Insert is set to "no" in the control list before
    	#  cache_tls_session is called, so a miss during a read should
    	#  not create a new entry from this section.
    	#
    	#  NOTE(review): cache_tls_session is not defined in this file.
    	#  It is presumably a cache module instance keyed on
    	#  &TLS-Session-Id - confirm its key, TTL and backing store in
    	#  the module configuration.
    	#
    	#  NOTE(review): the attributes returned here (including any
    	#  TLS-Client-Cert-* values) are what later policy sees for a
    	#  resumed session, so the cache store should be writable only
    	#  by this server - confirm for the deployed backend.
    	Autz-Type Session-Cache-Read {
    		update control {
    			#  Set before the module call below so that the
    			#  lookup cannot fall through to an insert.
    			Cache-Allow-Insert := no
    		}
    		cache_tls_session
    	}
    
    	#
    	#  This section is run whenever the server needs to write an
    	#  entry to the TLS session cache.
    	#
    	#  It should write the attribute &session-state:TLS-Session-Data
    	#  to the cache, along with any other attributes which
    	#  need to be cached.
    	#