From 846eb460040cab9c61f16a5c44f7324cf7eb29c5 Mon Sep 17 00:00:00 2001
From: Jonathan Gazeley <jonathan.gazeley@bristol.ac.uk>
Date: Wed, 10 Feb 2016 14:32:21 +0000
Subject: [PATCH] Revert "Package tls-cache locally as it isn't available in
 the 3.0.x RPM"

This reverts commit c124da250eed09f0316608a3bdcbf0d9b5e3315d.
---
 files/tls-cache   | 136 ----------------------------------------------
 manifests/init.pp |   9 +--
 2 files changed, 5 insertions(+), 140 deletions(-)
 delete mode 100644 files/tls-cache

diff --git a/files/tls-cache b/files/tls-cache
deleted file mode 100644
index 033dc85..0000000
--- a/files/tls-cache
+++ /dev/null
@@ -1,136 +0,0 @@
-######################################################################
-#
-#  This virtual server controls caching of TLS sessions.
-#
-#  When a TLS session is used, the server will automatically create
-#  the following attributes in the session-state list.  These attributes
-#  are the the ones for the *server* certificate.
-#
-#	       TLS-Cert-Serial
-#	       TLS-Cert-Expiration
-#	       TLS-Cert-Subject
-#	       TLS-Cert-Issuer
-#	       TLS-Cert-Common-Name
-#	       TLS-Cert-Subject-Alt-Name-Email
-#
-#  If a client certificate is required (e.g. EAP-TLS or sometimes PEAP / TTLS),
-#  the following attributes are also created in the session-state list:
-#
-#	       TLS-Client-Cert-Serial
-#	       TLS-Client-Cert-Expiration
-#	       TLS-Client-Cert-Subject
-#	       TLS-Client-Cert-Issuer
-#	       TLS-Client-Cert-Common-Name
-#	       TLS-Client-Cert-Subject-Alt-Name-Email
-#
-#
-#	$Id$
-#
-######################################################################
-server tls-cache {
-
-#
-#  Only the "authorize" section is needed.
-#  Only the listed Autz-Types are used.
-#  Everything else in the virtual server is ignored.
-#
-#  The attribute &TLS-Session-Id is set to the identity
-#  of the session to read / write / delete from the cache.  This
-#  identity is an opaque blob.
-#
-authorize {
-
-	#
-	#  This section is run whenever the server needs to read an
-	#  entry from the TLS session cache.
-	#
-	#  It should read the attribute &session-state:TLS-Session-Data
-	#  from the cache, along with any other attributes which
-	#  were in the cache
-	#
-	#  On success it should return 'ok' or 'updated'.
-	#
-	#  The return code has no real effect on session processing
-	#  and will just cause the server to emit a warning.
-	#
-	Autz-Type Session-Cache-Read {
-		update control {
-			Cache-Allow-Insert := no
-		}
-		cache_tls_session
-	}
-
-	#
-	#  This section is run whenever the server needs to write an
-	#  entry to the TLS session cache.
-	#
-	#  It should write the attribute &session-state:TLS-Session-Data
-	#  to the cache, along with any other attributes which
-	#  need to be cached.
-	#
-	#  On success it should return 'ok' or 'updated'.
-	#
-	#  The return code has no real effect on session processing
-	#  and will just cause the server to emit a warning.
-	#
-	Autz-Type Session-Cache-Write {
-		update control {
-			Cache-TTL := 0
-		}
-		cache_tls_session
-	}
-
-	#
-	#  This section is run whenever the server needs to delete an
-	#  entry from the TLS session cache.
-	#
-	#  On success it should return 'ok', 'updated', 'noop' or 'notfound'
-	#
-	#  The return code has no real effect on session processing
-	#  and will just cause the server to emit a warning.
-	#
-	Autz-Type Session-Cache-Delete {
-		update control {
-			Cache-TTL := 0
-			Cache-Allow-Insert := no
-		}
-		cache_tls_session
-	}
-
-	#
-	#  This section is run after certificate attributes are added
-	#  to the request list, and before performing OCSP validation.
-	#
-	#  It should read the attribute &control:TLS-OCSP-Cert-Valid
-	#  from the cache.
-	#
-	#  On success it should return 'ok', 'updated', 'noop' or 'notfound'
-	#  To force OCSP validation failure, it should return 'reject'.
-	#
-	Autz-Type OCSP-Cache-Read {
-		update control {
-			Cache-Allow-Insert := no
-		}
-		cache_ocsp
-	}
-
-	#
-	#  This section is run after OCSP validation has completed.
-	#
-	#  It should write the attribute &reply:TLS-OCSP-Cert-Valid
-	#  to the cache.
-	#
-	#  On success it should return 'ok' or 'updated'.
-	#
-	#  The return code has no real effect on session processing
-	#  and will just cause the server to emit a warning.
-	#
-	Autz-Type OCSP-Cache-Write {
-		update control {
-			Cache-TTL := "%{expr:&reply:TLS-OCSP-Next-Update * -1}"
-			Cache-Allow-Merge := no
-		}
-		cache_ocsp
-	}
-}
-}
diff --git a/manifests/init.pp b/manifests/init.pp
index cefebd0..c54e2ba 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -73,10 +73,11 @@ class freeradius (
     ensure => absent,
   }
 
-  # Install tls-cache from packaged file. This should be available in the RPM
-  #  when FR 3.1.x is released. This is not harmful to enable globally.
-  freeradius::site { 'tls-cache':
-    source => 'puppet:///modules/freeradius/tls-cache',
+  # Create symlink to enable tls-cache server
+  # This is not harmful to enable globally
+  file { "${freeradius::fr_basepath}/sites-enabled/tls-cache":
+    ensure => link,
+    target => "${freeradius::fr_basepath}/sites-available/tls-cache",
   }
 
   # Set up concat policy file, as there is only one global policy
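Review bot: The new `file` resource at the link creation depends on `sites-available/tls-cache` being shipped by the FreeRADIUS package, and the reverted commit's own subject says that file is missing from the 3.0.x RPM; nothing in the hunk checks for it or orders the resource after the package. If the target is absent, Puppet will (I believe) still create the dangling link, and FreeRADIUS's `$INCLUDE` of sites-enabled/ would then fail at startup rather than silently skip the cache, which is hard to diagnose from the manifest alone. At minimum the comment should name the precondition, e.g. `# Requires sites-available/tls-cache from the FreeRADIUS package (present from 3.1.x; absent in the 3.0.x RPM)`, and the resource should be ordered after the package resource that installs it so the link is never created before its target exists. The enclosing class `freeradius` starts outside the hunk.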
-- 
GitLab