diff options
author | Nathan Skrzypczak <nathan.skrzypczak@gmail.com> | 2019-09-13 11:08:13 +0200 |
---|---|---|
committer | Florin Coras <florin.coras@gmail.com> | 2019-10-09 01:09:11 +0000 |
commit | 79f89537c6fd3baeac03354a3381f42895fe2ca8 (patch) | |
tree | 967f83e5a26a4fcfb7857c122d2217a1094f9942 /src/plugins/tlsopenssl | |
parent | ff5a9b6ecd744ff5c42e6c2388dd31a338ea6a0c (diff) |
session: Add certificate store
Type: feature
This changes the behavior of both API calls
APPLICATION_TLS_CERT_ADD & APPLICATION_TLS_KEY_ADD
certificates and keys aren't bound to an app, they are
passed to it via connect / listen using the message
queue.
This should be followed by a per protocol (QUIC/TLS)
crypto_context store to save devrived structs
Change-Id: I36873bc8b63b5c72776c69e8cd9febc9cae31882
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Diffstat (limited to 'src/plugins/tlsopenssl')
-rw-r--r-- | src/plugins/tlsopenssl/tls_openssl.c | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c index 589d76de860..c383cf3561d 100644 --- a/src/plugins/tlsopenssl/tls_openssl.c +++ b/src/plugins/tlsopenssl/tls_openssl.c @@ -592,7 +592,6 @@ openssl_ctx_init_client (tls_ctx_t * ctx) static int openssl_start_listen (tls_ctx_t * lctx) { - application_t *app; const SSL_METHOD *method; SSL_CTX *ssl_ctx; int rv; @@ -601,17 +600,16 @@ openssl_start_listen (tls_ctx_t * lctx) EVP_PKEY *pkey; u32 olc_index; openssl_listen_ctx_t *olc; - app_worker_t *app_wrk; + app_cert_key_pair_t *ckpair; long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION; openssl_main_t *om = &openssl_main; - app_wrk = app_worker_get (lctx->parent_app_wrk_index); - if (!app_wrk) + ckpair = app_cert_key_pair_get_if_valid (lctx->ckpair_index); + if (!ckpair) return -1; - app = application_get (app_wrk->app_index); - if (!app->tls_cert || !app->tls_key) + if (!ckpair->cert || !ckpair->key) { TLS_DBG (1, "tls cert and/or key not configured %d", lctx->parent_app_wrk_index); @@ -646,7 +644,7 @@ openssl_start_listen (tls_ctx_t * lctx) * Set the key and cert */ cert_bio = BIO_new (BIO_s_mem ()); - BIO_write (cert_bio, app->tls_cert, vec_len (app->tls_cert)); + BIO_write (cert_bio, ckpair->cert, vec_len (ckpair->cert)); srvcert = PEM_read_bio_X509 (cert_bio, NULL, NULL, NULL); if (!srvcert) { @@ -657,7 +655,7 @@ openssl_start_listen (tls_ctx_t * lctx) BIO_free (cert_bio); cert_bio = BIO_new (BIO_s_mem ()); - BIO_write (cert_bio, app->tls_key, vec_len (app->tls_key)); + BIO_write (cert_bio, ckpair->key, vec_len (ckpair->key)); pkey = PEM_read_bio_PrivateKey (cert_bio, NULL, NULL, NULL); if (!pkey) { |