tls: enforce certificate verification

- add option to use test certificate in the ca chain
- add hostname to extended session endpoint fields and connect api
  parameters. If hostname is present, certificate validation is
  enforced.
- use /etc/ssl/certs/ca-certificates.crt to bootstrap CA cert. A
  different path can be provided via startup config

Change-Id: I046f9c6ff3ae6a9c2d71220cb62eca8f7b10e5fb
Signed-off-by: Florin Coras <fcoras@cisco.com>

1 files changed, 3 insertions, 3 deletions

diff --git a/src/vnet/session/session_test.c b/src/vnet/session/session_test.c
index 91ac351f860..ceac7039940 100644
--- a/src/vnet/session/session_test.c
+++ b/src/vnet/session/session_test.c
@@ -244,10 +244,10 @@ session_test_namespace (vlib_main_t * vm, unformat_input_t * input)
   };
 
   vnet_connect_args_t connect_args = {
-    .sep = client_sep,
     .app_index = 0,
     .api_context = 0,
   };
+  clib_memcpy (&connect_args.sep, &client_sep, sizeof (client_sep));
 
   vnet_unbind_args_t unbind_args = {
     .handle = bind_args.handle,
@@ -1032,10 +1032,10 @@ session_test_rules (vlib_main_t * vm, unformat_input_t * input)
 		" 5.6.7.9/32 4321 in local table should return deny");
 
   vnet_connect_args_t connect_args = {
-    .sep = sep,
     .app_index = attach_args.app_index,
     .api_context = 0,
   };
+  clib_memcpy (&connect_args.sep, &sep, sizeof (sep));
 
   /* Try connecting */
   error = vnet_connect (&connect_args);
@@ -1312,7 +1312,7 @@ session_test_rules (vlib_main_t * vm, unformat_input_t * input)
 
 
   connect_args.app_index = server_index;
-  connect_args.sep = sep;
+  clib_memcpy (&connect_args.sep, &sep, sizeof (sep));
 
   error = vnet_connect (&connect_args);
   SESSION_TEST ((error != 0), "connect should fail");