tls: enforce certificate verification

- add option to use test certificate in the ca chain - add hostname to extended session endpoint fields and connect api parameters. If hostname is present, certificate validation is enforced. - use /etc/ssl/certs/ca-certificates.crt to bootstrap CA cert. A different path can be provided via startup config Change-Id: I046f9c6ff3ae6a9c2d71220cb62eca8f7b10e5fb Signed-off-by: Florin Coras <fcoras@cisco.com>
author: Florin Coras <fcoras@cisco.com> 2018-03-05 16:53:07 -0800
committer: Dave Barach <openvpp@barachs.net> 2018-03-07 13:27:59 +0000
commit: 8f89dd01289ea9e97405432d2351a19c842dd6d5 (patch)
tree: 67ab5d20f9ebbd34ee8d9fec2dfc3d97297fd0f7 /src/vnet/session/session.c
parent: 7139e757b13212f3fd8e3f3f401018375fed0c61 (diff)
1 files changed, 4 insertions, 5 deletions
diff --git a/src/vnet/session/session.c b/src/vnet/session/session.c
index 09e3ded6dff..d4220d4ae6b 100644
--- a/src/vnet/session/session.c
+++ b/src/vnet/session/session.c
@@ -878,12 +878,11 @@ session_open_vc (u32 app_index, session_endpoint_t * rmt, u32 opaque)
 int
 session_open_app (u32 app_index, session_endpoint_t * rmt, u32 opaque)
 {
-  session_endpoint_extended_t sep;
-  clib_memcpy (&sep, rmt, sizeof (*rmt));
-  sep.app_index = app_index;
-  sep.opaque = opaque;
+  session_endpoint_extended_t *sep = (session_endpoint_extended_t *) rmt;
+  sep->app_index = app_index;
+  sep->opaque = opaque;
 
-  return tp_vfts[rmt->transport_proto].open ((transport_endpoint_t *) & sep);
+  return tp_vfts[rmt->transport_proto].open ((transport_endpoint_t *) sep);
 }
 
 typedef int (*session_open_service_fn) (u32, session_endpoint_t *, u32);
author	Florin Coras <fcoras@cisco.com>	2018-03-05 16:53:07 -0800
committer	Dave Barach <openvpp@barachs.net>	2018-03-07 13:27:59 +0000
commit	8f89dd01289ea9e97405432d2351a19c842dd6d5 (patch)
tree	67ab5d20f9ebbd34ee8d9fec2dfc3d97297fd0f7 /src/vnet/session/session.c
parent	7139e757b13212f3fd8e3f3f401018375fed0c61 (diff)