aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/tlsmbedtls
diff options
context:
space:
mode:
authorNathan Skrzypczak <nathan.skrzypczak@gmail.com>2019-09-13 11:08:13 +0200
committerFlorin Coras <florin.coras@gmail.com>2019-10-09 01:09:11 +0000
commit79f89537c6fd3baeac03354a3381f42895fe2ca8 (patch)
tree967f83e5a26a4fcfb7857c122d2217a1094f9942 /src/plugins/tlsmbedtls
parentff5a9b6ecd744ff5c42e6c2388dd31a338ea6a0c (diff)
session: Add certificate store
Type: feature This changes the behavior of both API calls APPLICATION_TLS_CERT_ADD & APPLICATION_TLS_KEY_ADD certificates and keys aren't bound to an app, they are passed to it via connect / listen using the message queue. This should be followed by a per protocol (QUIC/TLS) crypto_context store to save devrived structs Change-Id: I36873bc8b63b5c72776c69e8cd9febc9cae31882 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Diffstat (limited to 'src/plugins/tlsmbedtls')
-rw-r--r--src/plugins/tlsmbedtls/tls_mbedtls.c18
1 files changed, 8 insertions, 10 deletions
diff --git a/src/plugins/tlsmbedtls/tls_mbedtls.c b/src/plugins/tlsmbedtls/tls_mbedtls.c
index 73112323f0e..7a2abaf39b9 100644
--- a/src/plugins/tlsmbedtls/tls_mbedtls.c
+++ b/src/plugins/tlsmbedtls/tls_mbedtls.c
@@ -276,8 +276,7 @@ mbedtls_ctx_init_server (tls_ctx_t * ctx)
{
mbedtls_ctx_t *mc = (mbedtls_ctx_t *) ctx;
mbedtls_main_t *mm = &mbedtls_main;
- app_worker_t *app_wrk;
- application_t *app;
+ app_cert_key_pair_t *ckpair;
void *ctx_ptr;
int rv;
@@ -289,12 +288,11 @@ mbedtls_ctx_init_server (tls_ctx_t * ctx)
/*
* 1. Cert
*/
- app_wrk = app_worker_get (ctx->parent_app_wrk_index);
- if (!app_wrk)
+ ckpair = app_cert_key_pair_get_if_valid (ctx->ckpair_index);
+ if (!ckpair)
return -1;
- app = application_get (app_wrk->app_index);
- if (!app->tls_cert || !app->tls_key)
+ if (!ckpair->cert || !ckpair->key)
{
TLS_DBG (1, " failed\n ! tls cert and/or key not configured %d",
ctx->parent_app_wrk_index);
@@ -302,8 +300,8 @@ mbedtls_ctx_init_server (tls_ctx_t * ctx)
}
rv = mbedtls_x509_crt_parse (&mc->srvcert,
- (const unsigned char *) app->tls_cert,
- vec_len (app->tls_cert));
+ (const unsigned char *) ckpair->cert,
+ vec_len (ckpair->cert));
if (rv != 0)
{
TLS_DBG (1, " failed\n ! mbedtls_x509_crt_parse returned %d", rv);
@@ -311,8 +309,8 @@ mbedtls_ctx_init_server (tls_ctx_t * ctx)
}
rv = mbedtls_pk_parse_key (&mc->pkey,
- (const unsigned char *) app->tls_key,
- vec_len (app->tls_key), NULL, 0);
+ (const unsigned char *) ckpair->key,
+ vec_len (ckpair->key), NULL, 0);
if (rv != 0)
{
TLS_DBG (1, " failed\n ! mbedtls_pk_parse_key returned %d", rv);