diff options
author | Nathan Skrzypczak <nathan.skrzypczak@gmail.com> | 2019-09-13 11:08:13 +0200 |
---|---|---|
committer | Florin Coras <florin.coras@gmail.com> | 2019-10-09 01:09:11 +0000 |
commit | 79f89537c6fd3baeac03354a3381f42895fe2ca8 (patch) | |
tree | 967f83e5a26a4fcfb7857c122d2217a1094f9942 /src/plugins/quic/quic.c | |
parent | ff5a9b6ecd744ff5c42e6c2388dd31a338ea6a0c (diff) |
session: Add certificate store
Type: feature
This changes the behavior of both API calls
APPLICATION_TLS_CERT_ADD & APPLICATION_TLS_KEY_ADD
certificates and keys aren't bound to an app, they are
passed to it via connect / listen using the message
queue.
This should be followed by a per protocol (QUIC/TLS)
crypto_context store to save devrived structs
Change-Id: I36873bc8b63b5c72776c69e8cd9febc9cae31882
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Diffstat (limited to 'src/plugins/quic/quic.c')
-rw-r--r-- | src/plugins/quic/quic.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/src/plugins/quic/quic.c b/src/plugins/quic/quic.c index e9df9ff5025..6648a413e65 100644 --- a/src/plugins/quic/quic.c +++ b/src/plugins/quic/quic.c @@ -855,11 +855,12 @@ quic_encrypt_ticket_cb (ptls_encrypt_ticket_t * _self, ptls_t * tls, } static void -quic_store_quicly_ctx (application_t * app, u8 is_client) +quic_store_quicly_ctx (application_t * app, u32 cert_key_index) { quic_main_t *qm = &quic_main; quicly_context_t *quicly_ctx; ptls_iovec_t key_vec; + app_cert_key_pair_t *ckpair; if (app->quicly_ctx) return; @@ -910,16 +911,15 @@ quic_store_quicly_ctx (application_t * app, u8 is_client) quicly_new_default_cid_encryptor (&ptls_openssl_bfecb, &ptls_openssl_aes128ecb, &ptls_openssl_sha256, key_vec); - if (is_client) - return; - if (app->tls_key != NULL && app->tls_cert != NULL) + + ckpair = app_cert_key_pair_get_if_valid (cert_key_index); + if (ckpair && ckpair->key != NULL && ckpair->cert != NULL) { - if (load_bio_private_key (quicly_ctx->tls, (char *) app->tls_key)) + if (load_bio_private_key (quicly_ctx->tls, (char *) ckpair->key)) { QUIC_DBG (1, "failed to read private key from app configuration\n"); } - if (load_bio_certificate_chain (quicly_ctx->tls, - (char *) app->tls_cert)) + if (load_bio_certificate_chain (quicly_ctx->tls, (char *) ckpair->cert)) { QUIC_DBG (1, "failed to load certificate\n"); } @@ -1071,7 +1071,7 @@ quic_connect_connection (session_endpoint_cfg_t * sep) ctx->parent_app_id = app_wrk->app_index; cargs->sep_ext.ns_index = app->ns_index; - quic_store_quicly_ctx (app, 1 /* is client */ ); + quic_store_quicly_ctx (app, ctx->ckpair_index); /* Also store it in ctx for convenience * Waiting for crypto_ctx logic */ ctx->quicly_ctx = (quicly_context_t *) app->quicly_ctx; @@ -1163,7 +1163,7 @@ quic_start_listen (u32 quic_listen_session_index, transport_endpoint_t * tep) app = application_get (app_wrk->app_index); QUIC_DBG (2, "Called quic_start_listen for app %d", app_wrk->app_index); - quic_store_quicly_ctx (app, 0 /* is_client */ ); + quic_store_quicly_ctx (app, sep->ckpair_index); sep->transport_proto = TRANSPORT_PROTO_UDPC; clib_memset (args, 0, sizeof (*args)); |