commit 79f89537c6fd3baeac03354a3381f42895fe2ca8
author Nathan Skrzypczak <nathan.skrzypczak@gmail.com> Fri Sep 13 11:08:13 2019 +0200
committer Florin Coras <florin.coras@gmail.com> Wed Oct 09 01:09:11 2019 +0000
tree 967f83e5a26a4fcfb7857c122d2217a1094f9942
parent ff5a9b6ecd744ff5c42e6c2388dd31a338ea6a0c

session: Add certificate store

Type: feature

This changes the behavior of both API calls
APPLICATION_TLS_CERT_ADD & APPLICATION_TLS_KEY_ADD
certificates and keys aren't bound to an app, they are
passed to it via connect / listen using the message
queue.

This should be followed by a per protocol (QUIC/TLS)
crypto_context store to save devrived structs

Change-Id: I36873bc8b63b5c72776c69e8cd9febc9cae31882
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>

src/vnet/tls/tls.c

diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index 4fff72f..c512517 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -412,6 +412,7 @@
   ctx->tls_session_handle = session_handle (tls_session);
   ctx->listener_ctx_index = tls_listener->opaque;
   ctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;
+  ctx->ckpair_index = lctx->ckpair_index;
 
   /* Preallocate app session. Avoids allocating a session post handshake
    * on tls_session rx and potentially invalidating the session pool */
@@ -625,6 +626,7 @@
   lctx->app_session_handle = listen_session_get_handle (app_listener);
   lctx->tcp_is_ip4 = sep->is_ip4;
   lctx->tls_ctx_engine = engine_type;
+  lctx->ckpair_index = sep->ckpair_index;
 
   if (tls_vfts[engine_type].ctx_start_listen (lctx))
     {