authorFlorin Coras <fcoras@cisco.com>2018-03-05 16:53:07 -0800
committerDave Barach <openvpp@barachs.net>2018-03-07 13:27:59 +0000
commit8f89dd01289ea9e97405432d2351a19c842dd6d5 (patch)
tree67ab5d20f9ebbd34ee8d9fec2dfc3d97297fd0f7 /src/vnet/session/session.api
parent7139e757b13212f3fd8e3f3f401018375fed0c61 (diff)
tls: enforce certificate verification
- add option to use test certificate in the ca chain - add hostname to extended session endpoint fields and connect api parameters. If hostname is present, certificate validation is enforced. - use /etc/ssl/certs/ca-certificates.crt to bootstrap CA cert. A different path can be provided via startup config Change-Id: I046f9c6ff3ae6a9c2d71220cb62eca8f7b10e5fb Signed-off-by: Florin Coras <fcoras@cisco.com>
Diffstat (limited to 'src/vnet/session/session.api')
-rw-r--r--src/vnet/session/session.api7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/vnet/session/session.api b/src/vnet/session/session.api
index 336b51cd333..bf88e82f336 100644
--- a/src/vnet/session/session.api
+++ b/src/vnet/session/session.api
@@ -13,7 +13,7 @@
* limitations under the License.
*/
-option version = "1.0.1";
+option version = "1.0.2";
/** \brief client->vpp, attach application to session layer
@param client_index - opaque cookie to identify the sender
@@ -292,6 +292,9 @@ autoreply define unbind_sock {
@param ip - ip address
@param port - port
@param proto - protocol 0 - TCP 1 - UDP
+ @param hostname-len - length of hostname
+ @param hostname - destination's hostname. If present, used by protocols
+ like tls.
*/
autoreply define connect_sock {
u32 client_index;
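Review bot: The new `@param hostname-len` entry does not match the field it documents, which this commit declares as `hostname_len`; it should read `@param hostname_len - length of hostname in bytes`. The hostname entry also understates its security effect: the commit description says certificate validation is enforced when a hostname is present, so the comment should say so, for example `@param hostname - destination's hostname; when present, tls verifies the peer certificate against it`. It should also state what happens when `hostname_len` is 0, since the description suggests (the handler is not visible here) that the peer certificate then goes unverified, and API users need to know that the check is opt-in. The comment block and the `connect_sock` define both continue outside this hunk.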
@@ -303,6 +306,8 @@ autoreply define connect_sock {
u8 ip[16];
u16 port;
u8 proto;
+ u8 hostname_len;
+ u8 hostname[hostname_len];
};
/** \brief Bind reply
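Review bot: `hostname` is a client-supplied, counted byte array, and nothing in this hunk says whether it is NUL-terminated or how the receiver bounds it. The handler is not part of this diff, so this is a request to confirm rather than a confirmed defect: it should check `hostname_len` against the length of the message actually received before copying. It should also reject names containing an embedded NUL byte, because a name that differs when read as a C string versus as a counted buffer can weaken certificate hostname verification. A short comment on the field would pin the contract, e.g. `u8 hostname[hostname_len]; /* hostname_len bytes, not NUL-terminated */`.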