From 8f89dd01289ea9e97405432d2351a19c842dd6d5 Mon Sep 17 00:00:00 2001
From: Florin Coras <fcoras@cisco.com>
Date: Mon, 5 Mar 2018 16:53:07 -0800
Subject: tls: enforce certificate verification

- add option to use test certificate in the ca chain
- add hostname to extended session endpoint fields and connect api
  parameters. If hostname is present, certificate validation is
  enforced.
- use /etc/ssl/certs/ca-certificates.crt to bootstrap CA cert. A
  different path can be provided via startup config

Change-Id: I046f9c6ff3ae6a9c2d71220cb62eca8f7b10e5fb
Signed-off-by: Florin Coras <fcoras@cisco.com>
---
 src/vnet/session/session.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

(limited to 'src/vnet/session/session.c')

diff --git a/src/vnet/session/session.c b/src/vnet/session/session.c
index 09e3ded6dff..d4220d4ae6b 100644
--- a/src/vnet/session/session.c
+++ b/src/vnet/session/session.c
@@ -878,12 +878,11 @@ session_open_vc (u32 app_index, session_endpoint_t * rmt, u32 opaque)
 int
 session_open_app (u32 app_index, session_endpoint_t * rmt, u32 opaque)
 {
-  session_endpoint_extended_t sep;
-  clib_memcpy (&sep, rmt, sizeof (*rmt));
-  sep.app_index = app_index;
-  sep.opaque = opaque;
+  session_endpoint_extended_t *sep = (session_endpoint_extended_t *) rmt;
+  sep->app_index = app_index;
+  sep->opaque = opaque;
 
-  return tp_vfts[rmt->transport_proto].open ((transport_endpoint_t *) & sep);
+  return tp_vfts[rmt->transport_proto].open ((transport_endpoint_t *) sep);
 }
 
 typedef int (*session_open_service_fn) (u32, session_endpoint_t *, u32);
-- 
cgit 1.2.3-korg