tls: enforce certificate verification
- add option to use test certificate in the ca chain
- add hostname to extended session endpoint fields and connect api
parameters. If hostname is present, certificate validation is
enforced.
- use /etc/ssl/certs/ca-certificates.crt to bootstrap CA cert. A
different path can be provided via startup config
Change-Id: I046f9c6ff3ae6a9c2d71220cb62eca8f7b10e5fb
Signed-off-by: Florin Coras <fcoras@cisco.com>
diff --git a/src/vnet/session/session_test.c b/src/vnet/session/session_test.c
index 91ac351..ceac703 100644
--- a/src/vnet/session/session_test.c
+++ b/src/vnet/session/session_test.c
@@ -244,10 +244,10 @@
};
vnet_connect_args_t connect_args = {
- .sep = client_sep,
.app_index = 0,
.api_context = 0,
};
+ clib_memcpy (&connect_args.sep, &client_sep, sizeof (client_sep));
vnet_unbind_args_t unbind_args = {
.handle = bind_args.handle,
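Review bot: The added `clib_memcpy (&connect_args.sep, &client_sep, sizeof (client_sep));` sizes the copy from the source, so it is only correct while `connect_args.sep` is at least as large as `client_sep` and begins with the same fields, and nothing visible in the hunk checks that. A compile-time guard beside the copy, such as `STATIC_ASSERT (sizeof (connect_args.sep) >= sizeof (client_sep), "sep must fit in connect_args.sep");`, would turn a later layout change into a build failure instead of a silent overrun; the same applies to the copies in the hunks at 1032 and 1312. Here and at 1032 the designated initializer zeroes the rest of `connect_args`, but at 1312 `connect_args` is reused and its declaration is outside the hunk. There, the bytes of `connect_args.sep` past `sizeof (sep)` keep whatever an earlier call left, presumably including the new hostname field that the commit message says switches certificate validation on. Resetting that tail explicitly before `vnet_connect` (or a comment stating it is known to be zero) would keep the test from depending on leftover state.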
@@ -1032,10 +1032,10 @@
" 5.6.7.9/32 4321 in local table should return deny");
vnet_connect_args_t connect_args = {
- .sep = sep,
.app_index = attach_args.app_index,
.api_context = 0,
};
+ clib_memcpy (&connect_args.sep, &sep, sizeof (sep));
/* Try connecting */
error = vnet_connect (&connect_args);
@@ -1312,7 +1312,7 @@
connect_args.app_index = server_index;
- connect_args.sep = sep;
+ clib_memcpy (&connect_args.sep, &sep, sizeof (sep));
error = vnet_connect (&connect_args);
SESSION_TEST ((error != 0), "connect should fail");