Not all calls to fr_tls_call_push require the session cache

Author: ndptech

src/lib/tls/base-h

@@ -172,7 +172,7 @@ void		fr_tls_dict_free(void);
  *	tls/virtual_server.c
  */
 unlang_action_t fr_tls_call_push(request_t *child, unlang_function_t resume,
-			       	 fr_tls_conf_t *conf, fr_tls_session_t *tls_session);
+			       	 fr_tls_conf_t *conf, fr_tls_session_t *tls_session, bool cache_required);
 
 #ifdef __cplusplus
 }

src/lib/tls/cache.c

@@ -446,7 +446,7 @@ static unlang_action_t tls_cache_load_push(request_t *request, fr_tls_session_t
 	 *	Allocate a child, and set it up to call
 	 *      the TLS virtual server.
 	 */
-	ua = fr_tls_call_push(child, tls_cache_load_result, conf, tls_session);
+	ua = fr_tls_call_push(child, tls_cache_load_result, conf, tls_session, true);
 	if (ua < 0) {
 		talloc_free(child);
 		tls_cache_load_state_reset(request, tls_cache);
@@ -586,7 +586,7 @@ unlang_action_t tls_cache_store_push(request_t *request, fr_tls_conf_t *conf, fr
 	 *	Allocate a child, and set it up to call
 	 *      the TLS virtual server.
 	 */
-	ua = fr_tls_call_push(child, tls_cache_store_result, conf, tls_session);
+	ua = fr_tls_call_push(child, tls_cache_store_result, conf, tls_session, true);
 	if (ua < 0) goto error;
 
 	return ua;
@@ -655,7 +655,7 @@ unlang_action_t tls_cache_clear_push(request_t *request, fr_tls_conf_t *conf, fr
 	 *	Allocate a child, and set it up to call
 	 *      the TLS virtual server.
 	 */
-	ua = fr_tls_call_push(child, tls_cache_clear_result, conf, tls_session);
+	ua = fr_tls_call_push(child, tls_cache_clear_result, conf, tls_session, true);
 	if (ua < 0) {
 		talloc_free(child);
 		tls_cache_clear_state_reset(request, tls_cache);

src/lib/tls/session.c

@@ -1170,7 +1170,7 @@ unlang_action_t tls_establish_session_push(request_t *request, fr_tls_conf_t *co
 	 *	Allocate a child, and set it up to call
 	 *      the TLS virtual server.
 	 */
-	ua = fr_tls_call_push(child, tls_establish_session_result, conf, tls_session);
+	ua = fr_tls_call_push(child, tls_establish_session_result, conf, tls_session, false);
 	if (ua < 0) {
 		talloc_free(child);
 		return UNLANG_ACTION_FAIL;

src/lib/tls/verify.c

@@ -467,7 +467,7 @@ static unlang_action_t tls_verify_client_cert_push(request_t *request, fr_tls_se
 	 *	Allocate a child, and set it up to call
 	 *      the TLS virtual server.
 	 */
-	ua = fr_tls_call_push(child, tls_verify_client_cert_result, conf, tls_session);
+	ua = fr_tls_call_push(child, tls_verify_client_cert_result, conf, tls_session, false);
 	if (ua < 0) {
 	        PERROR("Failed calling TLS virtual server");
 		talloc_free(child);

src/lib/tls/virtual_server.c

@@ -43,14 +43,19 @@
  *				be a pointer to the provided tls_session.
  * @param[in] conf		the tls configuration.
  * @param[in] tls_session	The current tls_session.
+ * @param[in] cache_required	Does this action require the tls cache
  * @return
  *      - 0 on success.
  *	- -1 on failure.
  */
 unlang_action_t fr_tls_call_push(request_t *child, unlang_function_t resume,
-				 fr_tls_conf_t *conf, fr_tls_session_t *tls_session)
+				 fr_tls_conf_t *conf, fr_tls_session_t *tls_session,
+#ifdef NDEBUG
+				 UNUSED
+#endif
+				 bool cache_required)
 {
-	fr_assert(tls_session->cache);
+	fr_assert(tls_session->cache || !cache_required);
 
 	/*
 	 *	Sets up a dispatch frame in the parent