diff mbox series

[2/2] station: Add EnableEAPTLSCache bool setting

Message ID 20230127123137.3274713-2-andrew.zaborowski@intel.com (mailing list archive)
State New
Series [1/2] eap-tls: Drop cached session when phase2 fails

Checks

Context Check Description
tedd_an/pre-ci_am success Success
prestwoj/iwd-ci-gitlint success GitLint

Commit Message

Andrew Zaborowski Jan. 27, 2023, 12:31 p.m. UTC
Seeing that some authenticators can't seem to handle TLS session caching
properly, guard the EAP-TLS-based methods session caching support behind
a global [Network].EnableEAPTLSCache setting.  Defaults to false.

With the previous commit, authentication should succeed at least every
other attempt.  I'd also expect that EAP-TLS is not usually affected
because there's no phase2, unlike with EAP-PEAP/EAP-TTLS.
---
 src/station.c | 7 +++++++
 1 file changed, 7 insertions(+)

Patch

diff --git a/src/station.c b/src/station.c
index 7f1a1e24..c92c0d96 100644
--- a/src/station.c
+++ b/src/station.c
@@ -5053,6 +5053,8 @@  static void station_known_networks_changed(enum known_networks_event event,
 
 static int station_init(void)
 {
+	bool eap_tls_cache;
+
 	station_list = l_queue_new();
 	netdev_watch = netdev_watch_add(station_netdev_watch, NULL, NULL);
 	l_dbus_register_interface(dbus_get_bus(), IWD_STATION_INTERFACE,
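Review bot: `bool eap_tls_cache;` is declared without an initializer, so the default of false stated in the commit message exists only through the short-circuit in the later condition, where the variable is read only after l_settings_get_bool() succeeds. That is correct as written, but initializing it to false at the declaration would make the default explicit and keep the variable defined if the condition is ever reordered.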
@@ -5103,6 +5105,11 @@  static int station_init(void)
 
 	watchlist_init(&event_watches, NULL);
 
+	if (!l_settings_get_bool(iwd_get_config(), "Network",
+				"EnableEAPTLSCache", &eap_tls_cache) ||
+			!eap_tls_cache)
+		return 0;
+
 	eap_tls_set_session_cache_ops(storage_eap_tls_cache_load,
 					storage_eap_tls_cache_sync);
 	known_networks_watch = known_networks_watch_add(
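Review bot: The early `return 0;` in station_init() skips everything that follows it, not only eap_tls_set_session_cache_ops(): the known_networks_watch_add() call visible in the trailing context is also never reached when EnableEAPTLSCache is unset or false, which is the default. If that watch exists only to maintain the TLS session cache, a short comment above the return saying so would keep later additions to station_init() from being placed below it by mistake; otherwise, wrap only the eap_tls_set_session_cache_ops() call in a conditional instead of returning. The diffstat also shows only src/station.c changing, so the new [Network].EnableEAPTLSCache key and its default are not documented anywhere in this patch.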