From 8f89dd01289ea9e97405432d2351a19c842dd6d5 Mon Sep 17 00:00:00 2001
From: Florin Coras
Date: Mon, 5 Mar 2018 16:53:07 -0800
Subject: tls: enforce certificate verification
- add option to use test certificate in the ca chain
- add hostname to extended session endpoint fields and connect api parameters. If hostname is present, certificate validation is enforced.
- use /etc/ssl/certs/ca-certificates.crt to bootstrap CA cert. A different path can be provided via startup config
Change-Id: I046f9c6ff3ae6a9c2d71220cb62eca8f7b10e5fb
Signed-off-by: Florin Coras
---
 src/vnet/session/session.api | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'src/vnet/session/session.api')
diff --git a/src/vnet/session/session.api b/src/vnet/session/session.api
index 336b51cd333..bf88e82f336 100644
--- a/src/vnet/session/session.api
+++ b/src/vnet/session/session.api
@@ -13,7 +13,7 @@
 * limitations under the License.
 */
 
-option version = "1.0.1";
+option version = "1.0.2";
 
 /** \brief client->vpp, attach application to session layer
 @param client_index - opaque cookie to identify the sender
@@ -292,6 +292,9 @@ autoreply define unbind_sock {
 @param ip - ip address
 @param port - port
 @param proto - protocol 0 - TCP 1 - UDP
+ @param hostname-len - length of hostname
+ @param hostname - destination's hostname. If present, used by protocols
+ like tls.
 */
 autoreply define connect_sock {
 u32 client_index;
@@ -303,6 +306,8 @@ autoreply define connect_sock {
 u8 ip[16];
 u16 port;
 u8 proto;
+ u8 hostname_len;
+ u8 hostname[hostname_len];
 };
 
 /** \brief Bind reply
--
cgit 1.2.3-korg
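Review bot: The doc comment added for connect_sock names the parameter `hostname-len`, but the field added in the following hunk is `hostname_len`; the line should read `@param hostname_len - length of hostname in bytes`. The comment also says only that the hostname is "used by protocols like tls", while the commit message states that certificate validation is enforced only if a hostname is present, which makes leaving the field empty a silent opt-out from verification. That contract belongs in the API documentation, for example `@param hostname - destination's hostname. For tls, certificate verification is enforced only when this is set; leave it empty only if an unverified peer is acceptable.` The comment block starts outside this hunk.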
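Review bot: The new `hostname` field in connect_sock is a client-supplied byte array sized by `hostname_len`, and the definition does not say whether it is NUL-terminated or what it may contain. The handler is not part of this diff, so this is an inference, but since the commit message ties certificate validation to this value, the receiving code should bound every copy by `hostname_len`, reject an embedded NUL byte, and treat a zero length as "no hostname" deliberately rather than by accident. A one-line contract next to the field would help, for example `/* hostname_len bytes, not NUL-terminated, no embedded NULs */`. The connect_sock definition begins outside this hunk.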