From 371ca50a74a9c4f1b74c4c1b65c6fdec610fcfc3 Mon Sep 17 00:00:00 2001
From: Florin Coras
Date: Wed, 21 Feb 2018 12:07:41 -0800
Subject: session: first approximation implementation of tls
It consists of two main parts. First, add an application transport type whereby applications can offer transport to other applications. For instance, a tls app can offer transport services to other applications. And second, a tls transport app that leverages the mbedtls library for tls protocol implementation.
Change-Id: I616996c6e6539a9e2368fab8a1ac874d7c5d9838
Signed-off-by: Florin Coras
---
 src/vnet/session-apps/http_server.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
(limited to 'src/vnet/session-apps/http_server.c')
diff --git a/src/vnet/session-apps/http_server.c b/src/vnet/session-apps/http_server.c
index eeb755b0fc4..6a2e6cda1a2 100644
--- a/src/vnet/session-apps/http_server.c
+++ b/src/vnet/session-apps/http_server.c
@@ -53,6 +53,7 @@ typedef struct
 u32 prealloc_fifos;
 u32 private_segment_size;
 u32 fifo_size;
+ u8 *uri;
 vlib_main_t *vlib_main;
 } http_server_main_t;
@@ -476,7 +477,7 @@ static session_cb_vft_t http_server_session_cb_vft = {
 .session_disconnect_callback = http_server_session_disconnect_callback,
 .session_connected_callback = http_server_session_connected_callback,
 .add_segment_callback = http_server_add_segment_callback,
- .builtin_server_rx_callback = http_server_rx_callback,
+ .builtin_app_rx_callback = http_server_rx_callback,
 .session_reset_callback = http_server_session_reset_callback
 };
@@ -498,6 +499,8 @@ create_api_loopback (vlib_main_t * vm)
 static int
 server_attach ()
 {
+ vnet_app_add_tls_cert_args_t _a_cert, *a_cert = &_a_cert;
+ vnet_app_add_tls_key_args_t _a_key, *a_key = &_a_key;
 http_server_main_t *hsm = &http_server_main;
 u64 options[APP_OPTIONS_N_OPTIONS];
 vnet_app_attach_args_t _a, *a = &_a;
@@ -526,6 +529,19 @@ server_attach () return -1; } hsm->app_index = a->app_index; + + memset (a_cert, 0, sizeof (*a_cert)); + a_cert->app_index = a->app_index; + vec_validate (a_cert->cert, test_srv_crt_rsa_len); + clib_memcpy (a_cert->cert, test_srv_crt_rsa, test_srv_crt_rsa_len); + vnet_app_add_tls_cert (a_cert); + + memset (a_key, 0, sizeof (*a_key)); + a_key->app_index = a->app_index; + vec_validate (a_key->key, test_srv_key_rsa_len); + clib_memcpy (a_key->key, test_srv_key_rsa, test_srv_key_rsa_len); + vnet_app_add_tls_key (a_key); + return 0; } @@ -537,6 +553,8 @@ http_server_listen () memset (a, 0, sizeof (*a)); a->app_index = hsm->app_index; a->uri = "tcp://0.0.0.0/80"; + if (hsm->uri) + a->uri = (char *) hsm->uri; return vnet_bind_uri (a); } @@ -599,6 +617,8 @@ http_server_create_command_fn (vlib_main_t * vm, } else if (unformat (input, "fifo-size %d", &hsm->fifo_size)) hsm->fifo_size <<= 10; + else if (unformat (input, "uri %s", &hsm->uri)) + ; else return clib_error_return (0, "unknown input `%U'", format_unformat_error, input); @@ -610,7 +630,7 @@ http_server_create_command_fn (vlib_main_t * vm, if (is_static) { - http_server_session_cb_vft.builtin_server_rx_callback = + http_server_session_cb_vft.builtin_app_rx_callback = http_server_rx_callback_static; html = format (0, html_header_static); static_http = format (0, http_response, vec_len (html), html); -- cgit 1.2.3-korg
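Review bot: The results of `vnet_app_add_tls_cert (a_cert)` and `vnet_app_add_tls_key (a_key)` in the `-526,6 +529,19` hunk are discarded, so server_attach still returns 0 when the certificate or key was not installed and the caller proceeds as if TLS were provisioned. Their prototypes are not visible here; if they report failure through the return value, check each one, e.g. `if (vnet_app_add_tls_cert (a_cert)) return -1;`, and the same for the key. Separately, `test_srv_crt_rsa` and `test_srv_key_rsa` look like compiled-in test credentials, and a private key that ships with the source authenticates nothing, so I would add `/* Demo only: built-in test cert/key, not for production listeners */` above the block and consider making the pair configurable. Also confirm the intended lengths: `vec_validate (v, n)` makes index n valid, so both vectors end up n + 1 bytes long. server_attach begins outside this hunk.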
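Review bot: The default `tcp://0.0.0.0/80` in http_server_listen stays in force whenever `hsm->uri` is unset, so the cert and key installed in server_attach go unused unless the operator supplies a uri, and the plaintext listener still binds every address. A short comment would make that explicit, e.g. `/* plain TCP on all addresses unless "uri" was given on the CLI */`. As a style point, the two assignments could be one: `a->uri = hsm->uri ? (char *) hsm->uri : "tcp://0.0.0.0/80";`. http_server_listen starts above the hunk.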
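Review bot: `unformat (input, "uri %s", &hsm->uri)` stores a newly parsed string in the long-lived `hsm->uri` without releasing what was there, so giving `uri` twice, or running the command again, appears to leak the earlier vector; nothing visible in this patch frees it. Consider `vec_free (hsm->uri);` before parsing, and on the error return as well. The value reaches `vnet_bind_uri` unvalidated, so a malformed uri only surfaces as a bind failure; the error reported to the CLI should name the uri that was rejected. The command's help text lies outside the hunk and presumably needs the new option added.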