From 8f89dd01289ea9e97405432d2351a19c842dd6d5 Mon Sep 17 00:00:00 2001
From: Florin Coras
Date: Mon, 5 Mar 2018 16:53:07 -0800
Subject: tls: enforce certificate verification

- add option to use test certificate in the ca chain
- add hostname to extended session endpoint fields and connect api parameters. If hostname is present, certificate validation is enforced.
- use /etc/ssl/certs/ca-certificates.crt to bootstrap CA cert. A different path can be provided via startup config

Change-Id: I046f9c6ff3ae6a9c2d71220cb62eca8f7b10e5fb
Signed-off-by: Florin Coras
---
 src/vnet/session/stream_session.h | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'src/vnet/session/stream_session.h')

diff --git a/src/vnet/session/stream_session.h b/src/vnet/session/stream_session.h
index 6f6dce66040..b7a5eee4b12 100644
--- a/src/vnet/session/stream_session.h
+++ b/src/vnet/session/stream_session.h
@@ -141,7 +141,6 @@ typedef struct local_session_
 #define foreach_session_endpoint_fields \
 foreach_transport_connection_fields \
 _(u8, transport_proto) \
- _(u8, app_proto) \
 
 typedef struct _session_endpoint
 {
@@ -157,6 +156,7 @@ typedef struct _session_endpoint_extended
 #undef _
 u32 app_index;
 u32 opaque;
+ u8 *hostname;
 } session_endpoint_extended_t;
 
 #define SESSION_IP46_ZERO \
@@ -173,7 +173,18 @@ typedef struct _session_endpoint_extended
 .is_ip4 = 0, \
 .port = 0, \
 .transport_proto = 0, \
- .app_proto = 0, \
+}
+#define SESSION_ENDPOINT_EXT_NULL \
+{ \
+ .sw_if_index = ENDPOINT_INVALID_INDEX, \
+ .ip = SESSION_IP46_ZERO, \
+ .fib_index = ENDPOINT_INVALID_INDEX, \
+ .is_ip4 = 0, \
+ .port = 0, \
+ .transport_proto = 0, \
+ .app_index = ENDPOINT_INVALID_INDEX, \
+ .opaque = ENDPOINT_INVALID_INDEX, \
+ .hostname = 0, \
 }
 
 #define session_endpoint_to_transport(_sep) ((transport_endpoint_t *)_sep)
-- 
cgit 1.2.3-korg
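Review bot: The new `u8 *hostname` member of `session_endpoint_extended_t` carries a security decision but has no comment. Per the commit description, certificate validation is enforced only when a hostname is present, so a null hostname (which `SESSION_ENDPOINT_EXT_NULL` in the third hunk sets via `.hostname = 0`) presumably yields a session whose peer certificate is not checked. I would document the field, e.g. `/* peer hostname used for certificate validation; if null, validation is not enforced */`, and state who owns and frees the buffer and what encoding or termination is expected, since the struct holds a bare pointer and the visible lines do not show how copies are handled. It is also worth confirming in the TLS connect path, which is outside this file, whether a missing hostname should fail closed or at least be logged rather than silently skip validation.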
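Review bot: `SESSION_ENDPOINT_EXT_NULL` repeats the six initializers of the macro that precedes it (that macro's `#define` line is above the hunk), so the two lists must be kept in sync by hand whenever the endpoint fields change. Factoring the common initializers into one helper macro used by both would remove that risk. `.opaque = ENDPOINT_INVALID_INDEX` reuses an index sentinel for what looks like an application-supplied value, so a one-line comment such as `/* opaque has no valid default; sentinel marks it unset */` would make the intent clear if that is indeed the reason. A blank line between the `}` that closes the previous macro and the new `#define` would also keep the two definitions visually separate.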