From 79f89537c6fd3baeac03354a3381f42895fe2ca8 Mon Sep 17 00:00:00 2001
From: Nathan Skrzypczak
Date: Fri, 13 Sep 2019 11:08:13 +0200
Subject: session: Add certificate store
Type: feature
This changes the behavior of both API calls APPLICATION_TLS_CERT_ADD & APPLICATION_TLS_KEY_ADD certificates and keys aren't bound to an app, they are passed to it via connect / listen using the message queue. This should be followed by a per protocol (QUIC/TLS) crypto_context store to save devrived structs
Change-Id: I36873bc8b63b5c72776c69e8cd9febc9cae31882
Signed-off-by: Nathan Skrzypczak
---
 src/vnet/session/application.h | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)
(limited to 'src/vnet/session/application.h')
diff --git a/src/vnet/session/application.h b/src/vnet/session/application.h
index 9ec1055bbbc..a853c3cb73a 100644
--- a/src/vnet/session/application.h
+++ b/src/vnet/session/application.h
@@ -111,16 +111,6 @@ typedef struct application_
 /** Pool of listeners for the app */
 app_listener_t *listeners;
- /*
- * TLS & QUIC Specific
- */
-
- /** Certificate to be used for listen sessions */
- u8 *tls_cert;
-
- /** PEM encoded key */
- u8 *tls_key;
-
 /** Preferred tls engine */
 u8 tls_engine;
@@ -134,6 +134,11 @@ typedef struct app_main_
 * Hash table of builtin apps by name */
 uword *app_by_name;
+
+ /**
+ * Pool from which we allocate certificates (key, cert)
+ */
+ app_cert_key_pair_t *cert_key_pair_store;
 } app_main_t;
 typedef struct app_init_args_
@@ -284,6 +279,9 @@ int vnet_app_worker_add_del (vnet_app_worker_add_del_args_t * a);
 uword unformat_application_proto (unformat_input_t * input, va_list * args);
+app_cert_key_pair_t *app_cert_key_pair_get (u32 index);
+app_cert_key_pair_t *app_cert_key_pair_get_if_valid (u32 index);
+app_cert_key_pair_t *app_cert_key_pair_get_default ();
 /* Needed while we support both bapi and mq ctrl messages */
 int mq_send_session_bound_cb (u32 app_wrk_index, u32 api_context,
-- 
cgit 1.2.3-korg
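Review bot: The comment on `cert_key_pair_store` in `app_main_t` does not say who owns a pool entry or when it is freed, and the store is now global instead of per application. The removed `tls_key` field was documented as a PEM encoded key, so the entries presumably hold private key material that is selected by an index arriving over the message queue. Whether that index is checked against the application that added the pair is not visible in this header. I would extend the comment along the lines of `/** Pool of (cert, key) pairs shared by all apps; entries hold private keys and are referenced by index from connect / listen */` and name the owner and the free path there.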
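Review bot: `app_cert_key_pair_get_default ();` is declared with empty parentheses, which in C leaves the parameters unspecified instead of declaring a no-argument prototype; it should read `app_cert_key_pair_t *app_cert_key_pair_get_default (void);`. The three new accessors also carry no comment on how `app_cert_key_pair_get` and `app_cert_key_pair_get_if_valid` differ. Judging by the names alone, only the latter tolerates a stale or out-of-range index. A short comment should say that an index received from an application must go through `app_cert_key_pair_get_if_valid`, and what that function returns on a miss (presumably NULL, to be confirmed against the definition).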