Loading...
Searching...
No Matches
TLS and DTLS related functions. More...
Macros | |
| #define | DEFAULT_DTLS_SECRET "radius/dtls" |
| #define | DEFAULT_TLS_SECRET "radsec" |
| #define | TIME_ALIVE 120 |
Typedefs | |
| typedef struct tls_int_st | tls_int_st |
| typedef struct tls_st | tls_st |
Functions | |
| int | rc_tls_fd (rc_handle *rh) |
| int | rc_check_tls (rc_handle *rh) |
Detailed Description
TLS and DTLS related functions.
Note that, that API is for improving TLS and DTLS support in an application. Applications are not required to use this API to support them. TLS and DTLS support can be enabled by the administrator transparently from the radiusclient configuration file.
Macro Definition Documentation
◆ DEFAULT_DTLS_SECRET
◆ DEFAULT_TLS_SECRET
◆ TIME_ALIVE
Function Documentation
◆ rc_check_tls()
| int rc_check_tls | ( | rc_handle * | rh | ) |
Check established TLS/DTLS channels for operation and reconnect if needed
Probes the TLS or DTLS session with a TLS heartbeat and reconnects if the session is dead. Must be called when no other thread is using the session (e.g., from a dedicated watchdog thread that holds the lock).
- Note
- It is recommended not to use this function. The TLS heartbeat extension (RFC 6520) has been disabled or removed by default in many implementations following the Heartbleed vulnerability (CVE-2014-0160), and may not be supported by the server. Prefer relying on the built-in auto-detection: a dead session is detected transparently on the next rc_auth() or rc_acct() call, which reconnects automatically before sending the request.
- Parameters
-
rh a handle to parsed configuration
- Returns
- 0 on success or when TLS/DTLS is not in use, -1 if the session could not be re-established
◆ rc_tls_fd()
| int rc_tls_fd | ( | rc_handle * | rh | ) |
Generated by
1.14.0