author | Florin Coras <fcoras@cisco.com> | 2018-03-04 07:24:30 -0800 |
---|---|---|
committer | Damjan Marion <dmarion.lists@gmail.com> | 2018-03-05 08:06:50 +0000 |
commit | e3e2f07141a9ab0729e76b5306b1710c390b8561 (patch) | |
tree | b79b63684e3ee4948955aa931f0eba72216a56ec /src/vnet | |
parent | 03f942a1cc4de3963507fc7075d91aff0cae7d58 (diff) |
tls: add stop listen handler
Change-Id: I233d02a669b6a0504cd54590c6c8e4fefadc4713
Signed-off-by: Florin Coras <fcoras@cisco.com>
Diffstat (limited to 'src/vnet')
-rw-r--r-- | src/vnet/session-apps/tls.c | 35 | ||||
-rwxr-xr-x | src/vnet/session/session_api.c | 16 |
2 files changed, 42 insertions, 9 deletions
diff --git a/src/vnet/session-apps/tls.c b/src/vnet/session-apps/tls.c
index 4e4453cb0d3..50c36361f2b 100644
--- a/src/vnet/session-apps/tls.c
+++ b/src/vnet/session-apps/tls.c
@@ -221,9 +221,9 @@ tls_listener_ctx_alloc (void)
 }
 void
-tls_ctx_listener_free (tls_ctx_t * ctx)
+tls_listener_ctx_free (tls_ctx_t * ctx)
 {
- pool_put (tls_main.half_open_ctx_pool, ctx);
+ pool_put (tls_main.listener_ctx_pool, ctx);
 }
 tls_ctx_t *
@@ -936,6 +936,13 @@ tls_disconnect (u32 ctx_index, u32 thread_index)
 app_session->server_tx_fifo);
 session_free (app_session);
 }
+ if (ctx->ssl.conf->endpoint == MBEDTLS_SSL_IS_SERVER)
+ {
+ mbedtls_x509_crt_free (&ctx->srvcert);
+ mbedtls_pk_free (&ctx->pkey);
+ }
+ mbedtls_ssl_free (&ctx->ssl);
+ mbedtls_ssl_config_free (&ctx->conf);
 tls_ctx_free (ctx);
 }
@@ -974,13 +981,27 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep)
 }
 u32
-tls_stop_listen (u32 listener_index)
+tls_stop_listen (u32 lctx_index)
 {
- clib_warning ("TBD");
+ tls_main_t *tm = &tls_main;
+ application_t *tls_app;
+ tls_ctx_t *lctx;
+ lctx = tls_listener_ctx_get (lctx_index);
+ tls_app = application_get (tm->app_index);
+ application_stop_listen (tls_app, lctx->tls_session_handle);
+ tls_listener_ctx_free (lctx);
 return 0;
 }
 transport_connection_t *
+tls_connection_get (u32 ctx_index, u32 thread_index)
+{
+ tls_ctx_t *ctx;
+ ctx = tls_ctx_get_w_thread (ctx_index, thread_index);
+ return &ctx->connection;
+}
+
+transport_connection_t *
 tls_listener_get (u32 listener_index)
 {
 tls_ctx_t *ctx;
@@ -999,9 +1020,8 @@ format_tls_ctx (u8 * s, va_list * args)
 if (thread_index != child_ti)
 clib_warning ("app and tls sessions are on different threads!");
- s =
- format (s, "[#%d][TLS] app %u child %u", child_ti, ctx->parent_app_index,
- child_si);
+ s = format (s, "[#%d][TLS] app %u child %u", child_ti,
+ ctx->parent_app_index, child_si);
 return s;
 }
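Review bot: In the tls_disconnect hunk the new server check reads `ctx->ssl.conf->endpoint`, which goes through the config pointer stored inside the ssl context; that pointer is only valid once the ssl context has been bound to its config, so a context torn down before that point would presumably fault on this line. The embedded config that the hunk frees a few lines later carries the same field, so `if (ctx->conf.endpoint == MBEDTLS_SSL_IS_SERVER)` gives the same answer without the pointer dereference. A one-line comment such as `/* release per-connection mbedtls state, including the server key, before the ctx returns to the pool */` would record why these frees must precede `tls_ctx_free (ctx)`. The beginning of tls_disconnect is outside the hunk, so whether a partially set up context can reach this path is not visible here.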
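Review bot: tls_stop_listen discards the result of `application_stop_listen (tls_app, lctx->tls_session_handle)` and then frees the listener context unconditionally before `return 0`, so a failed stop would leave the underlying listener alive while the context it refers to has gone back to the pool, and the caller is told the unbind succeeded. Assuming the call returns a status, capture it and free only on success, e.g. `rv = application_stop_listen (tls_app, lctx->tls_session_handle);` followed by an early error return. `lctx_index` is also handed to `tls_listener_ctx_get` unchecked; a guard of the form `if (pool_is_free_index (tls_main.listener_ctx_pool, lctx_index))` with an error return before the lookup would reject a stale or repeated unbind instead of freeing an entry twice. The added tls_connection_get in the same hunk likewise returns `&ctx->connection` without confirming the lookup found a live context.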
@@ -1055,6 +1075,7 @@ const static transport_proto_vft_t tls_proto = {
 .open = tls_connect,
 .close = tls_disconnect,
 .bind = tls_start_listen,
+ .get_connection = tls_connection_get,
 .get_listener = tls_listener_get,
 .unbind = tls_stop_listen,
 .tx_type = TRANSPORT_TX_INTERNAL,
diff --git a/src/vnet/session/session_api.c b/src/vnet/session/session_api.c
index 6c2643c8995..6694a40c348 100755
--- a/src/vnet/session/session_api.c
+++ b/src/vnet/session/session_api.c
@@ -1111,6 +1111,7 @@ vl_api_application_tls_cert_add_t_handler (vl_api_application_tls_cert_add_t *
 vl_api_app_namespace_add_del_reply_t *rmp;
 vnet_app_add_tls_cert_args_t _a, *a = &_a;
 clib_error_t *error;
+ application_t *app;
 u32 cert_len;
 int rv = 0;
 if (!session_manager_is_enabled ())
@@ -1118,8 +1119,13 @@ vl_api_application_tls_cert_add_t_handler (vl_api_application_tls_cert_add_t *
 rv = VNET_API_ERROR_FEATURE_DISABLED;
 goto done;
 }
+ if (!(app = application_lookup (mp->client_index)))
+ {
+ rv = VNET_API_ERROR_APPLICATION_NOT_ATTACHED;
+ goto done;
+ }
 memset (a, 0, sizeof (*a));
- a->app_index = clib_net_to_host_u32 (mp->app_index);
+ a->app_index = app->index;
 cert_len = clib_net_to_host_u16 (mp->cert_len);
 vec_validate (a->cert, cert_len);
 clib_memcpy (a->cert, mp->cert, cert_len);
@@ -1140,6 +1146,7 @@ vl_api_application_tls_key_add_t_handler (vl_api_application_tls_key_add_t *
 vl_api_app_namespace_add_del_reply_t *rmp;
 vnet_app_add_tls_key_args_t _a, *a = &_a;
 clib_error_t *error;
+ application_t *app;
 u32 key_len;
 int rv = 0;
 if (!session_manager_is_enabled ())
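Review bot: In the second vl_api_application_tls_cert_add_t_handler hunk (@@ -1118), `cert_len` is taken from the message and used directly as the copy length in `clib_memcpy (a->cert, mp->cert, cert_len)`; nothing visible in the hunk compares it with the size of the message actually received, so the copy can presumably read past the end of the message buffer. The new `application_lookup (mp->client_index)` check ties the request to an attached application but does not bound the length. A check placed before `vec_validate`, for example `if (cert_len == 0 || cert_len > <max accepted cert length>) { rv = VNET_API_ERROR_INVALID_VALUE; goto done; }` (the limit is a placeholder to be derived from the message size), would close this. The same applies to `key_len` in the vl_api_application_tls_key_add_t_handler hunk at @@ -1147, where the bytes copied are private key material. Both handlers begin and end outside their hunks, so a bound enforced elsewhere would not be visible here.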
@@ -1147,8 +1154,13 @@ vl_api_application_tls_key_add_t_handler (vl_api_application_tls_key_add_t *
 rv = VNET_API_ERROR_FEATURE_DISABLED;
 goto done;
 }
+ if (!(app = application_lookup (mp->client_index)))
+ {
+ rv = VNET_API_ERROR_APPLICATION_NOT_ATTACHED;
+ goto done;
+ }
 memset (a, 0, sizeof (*a));
- a->app_index = clib_net_to_host_u32 (mp->app_index);
+ a->app_index = app->index;
 key_len = clib_net_to_host_u16 (mp->key_len);
 vec_validate (a->key, key_len);
 clib_memcpy (a->key, mp->key, key_len); |