summaryrefslogtreecommitdiffstats
path: root/src/plugins/quic
diff options
context:
space:
mode:
authorNathan Skrzypczak <nathan.skrzypczak@gmail.com>2019-09-13 11:08:13 +0200
committerFlorin Coras <florin.coras@gmail.com>2019-10-09 01:09:11 +0000
commit79f89537c6fd3baeac03354a3381f42895fe2ca8 (patch)
tree967f83e5a26a4fcfb7857c122d2217a1094f9942 /src/plugins/quic
parentff5a9b6ecd744ff5c42e6c2388dd31a338ea6a0c (diff)
session: Add certificate store
Type: feature This changes the behavior of both API calls APPLICATION_TLS_CERT_ADD & APPLICATION_TLS_KEY_ADD certificates and keys aren't bound to an app, they are passed to it via connect / listen using the message queue. This should be followed by a per protocol (QUIC/TLS) crypto_context store to save devrived structs Change-Id: I36873bc8b63b5c72776c69e8cd9febc9cae31882 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Diffstat (limited to 'src/plugins/quic')
-rw-r--r--src/plugins/quic/quic.c18
-rw-r--r--src/plugins/quic/quic.h3
2 files changed, 11 insertions, 10 deletions
diff --git a/src/plugins/quic/quic.c b/src/plugins/quic/quic.c
index e9df9ff5025..6648a413e65 100644
--- a/src/plugins/quic/quic.c
+++ b/src/plugins/quic/quic.c
@@ -855,11 +855,12 @@ quic_encrypt_ticket_cb (ptls_encrypt_ticket_t * _self, ptls_t * tls,
}
static void
-quic_store_quicly_ctx (application_t * app, u8 is_client)
+quic_store_quicly_ctx (application_t * app, u32 cert_key_index)
{
quic_main_t *qm = &quic_main;
quicly_context_t *quicly_ctx;
ptls_iovec_t key_vec;
+ app_cert_key_pair_t *ckpair;
if (app->quicly_ctx)
return;
@@ -910,16 +911,15 @@ quic_store_quicly_ctx (application_t * app, u8 is_client)
quicly_new_default_cid_encryptor (&ptls_openssl_bfecb,
&ptls_openssl_aes128ecb,
&ptls_openssl_sha256, key_vec);
- if (is_client)
- return;
- if (app->tls_key != NULL && app->tls_cert != NULL)
+
+ ckpair = app_cert_key_pair_get_if_valid (cert_key_index);
+ if (ckpair && ckpair->key != NULL && ckpair->cert != NULL)
{
- if (load_bio_private_key (quicly_ctx->tls, (char *) app->tls_key))
+ if (load_bio_private_key (quicly_ctx->tls, (char *) ckpair->key))
{
QUIC_DBG (1, "failed to read private key from app configuration\n");
}
- if (load_bio_certificate_chain (quicly_ctx->tls,
- (char *) app->tls_cert))
+ if (load_bio_certificate_chain (quicly_ctx->tls, (char *) ckpair->cert))
{
QUIC_DBG (1, "failed to load certificate\n");
}
@@ -1071,7 +1071,7 @@ quic_connect_connection (session_endpoint_cfg_t * sep)
ctx->parent_app_id = app_wrk->app_index;
cargs->sep_ext.ns_index = app->ns_index;
- quic_store_quicly_ctx (app, 1 /* is client */ );
+ quic_store_quicly_ctx (app, ctx->ckpair_index);
/* Also store it in ctx for convenience
* Waiting for crypto_ctx logic */
ctx->quicly_ctx = (quicly_context_t *) app->quicly_ctx;
@@ -1163,7 +1163,7 @@ quic_start_listen (u32 quic_listen_session_index, transport_endpoint_t * tep)
app = application_get (app_wrk->app_index);
QUIC_DBG (2, "Called quic_start_listen for app %d", app_wrk->app_index);
- quic_store_quicly_ctx (app, 0 /* is_client */ );
+ quic_store_quicly_ctx (app, sep->ckpair_index);
sep->transport_proto = TRANSPORT_PROTO_UDPC;
clib_memset (args, 0, sizeof (*args));
diff --git a/src/plugins/quic/quic.h b/src/plugins/quic/quic.h
index 312ffcba1cb..85c78dd7871 100644
--- a/src/plugins/quic/quic.h
+++ b/src/plugins/quic/quic.h
@@ -121,8 +121,9 @@ typedef struct quic_ctx_
u32 timer_handle;
u32 parent_app_wrk_id;
u32 parent_app_id;
- u8 flags;
+ u32 ckpair_index;
quicly_context_t *quicly_ctx;
+ u8 flags;
} quic_ctx_t;
/* Make sure our custom fields don't overlap with the fields we use in