diff options
| author |   Nathan Skrzypczak <nathan.skrzypczak@gmail.com> | 2019-09-13 11:08:13 +0200 |
|---|---|---|
| committer |   Florin Coras <florin.coras@gmail.com> | 2019-10-09 01:09:11 +0000 |
| commit | 79f89537c6fd3baeac03354a3381f42895fe2ca8 (patch) | |
| tree | 967f83e5a26a4fcfb7857c122d2217a1094f9942 /src/plugins/tlsmbedtls | |
| parent | ff5a9b6ecd744ff5c42e6c2388dd31a338ea6a0c (diff) | |
session: Add certificate store
Type: feature
This changes the behavior of both API calls
APPLICATION_TLS_CERT_ADD & APPLICATION_TLS_KEY_ADD
certificates and keys aren't bound to an app, they are
passed to it via connect / listen using the message
queue.
This should be followed by a per protocol (QUIC/TLS)
crypto_context store to save devrived structs
Change-Id: I36873bc8b63b5c72776c69e8cd9febc9cae31882
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Diffstat (limited to 'src/plugins/tlsmbedtls')
| -rw-r--r-- | src/plugins/tlsmbedtls/tls_mbedtls.c | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/src/plugins/tlsmbedtls/tls_mbedtls.c b/src/plugins/tlsmbedtls/tls_mbedtls.c index 73112323f0e..7a2abaf39b9 100644 --- a/src/plugins/tlsmbedtls/tls_mbedtls.c +++ b/src/plugins/tlsmbedtls/tls_mbedtls.c @@ -276,8 +276,7 @@ mbedtls_ctx_init_server (tls_ctx_t * ctx) { mbedtls_ctx_t *mc = (mbedtls_ctx_t *) ctx; mbedtls_main_t *mm = &mbedtls_main; - app_worker_t *app_wrk; - application_t *app; + app_cert_key_pair_t *ckpair; void *ctx_ptr; int rv; @@ -289,12 +288,11 @@ mbedtls_ctx_init_server (tls_ctx_t * ctx) /* * 1. Cert */ - app_wrk = app_worker_get (ctx->parent_app_wrk_index); - if (!app_wrk) + ckpair = app_cert_key_pair_get_if_valid (ctx->ckpair_index); + if (!ckpair) return -1; - app = application_get (app_wrk->app_index); - if (!app->tls_cert || !app->tls_key) + if (!ckpair->cert || !ckpair->key) { TLS_DBG (1, " failed\n ! tls cert and/or key not configured %d", ctx->parent_app_wrk_index); @@ -302,8 +300,8 @@ mbedtls_ctx_init_server (tls_ctx_t * ctx) } rv = mbedtls_x509_crt_parse (&mc->srvcert, - (const unsigned char *) app->tls_cert, - vec_len (app->tls_cert)); + (const unsigned char *) ckpair->cert, + vec_len (ckpair->cert)); if (rv != 0) { TLS_DBG (1, " failed\n ! mbedtls_x509_crt_parse returned %d", rv); @@ -311,8 +309,8 @@ mbedtls_ctx_init_server (tls_ctx_t * ctx) } rv = mbedtls_pk_parse_key (&mc->pkey, - (const unsigned char *) app->tls_key, - vec_len (app->tls_key), NULL, 0); + (const unsigned char *) ckpair->key, + vec_len (ckpair->key), NULL, 0); if (rv != 0) { TLS_DBG (1, " failed\n ! mbedtls_pk_parse_key returned %d", rv); |