Hi all,
I've completed the implementation of rekeying capabilities for the Trust
Router client in FreeRADIUS. This functionality basically consists of a
dedicated thread which negotiates, in the background, new TLS keys for
existing dynamic REALMs before they expire. The achieved aim is to
prevent the performance issues that appear when this re-negotiation
happens in the foreground as a consequence of an end user authentication,
which can then take up to 10 seconds (due to the TR protocol), or even fail.
Performing this task in the background with enough margin of time
ensures that new keys replace old ones before expiration happens.
You can find the pull request here:
https://github.com/FreeRADIUS/freeradius-server/pull/2007
You are more than welcome to join the conversation, comment on the code,
etc.
Best regards,
Alejandro