vcl: add config option for preferred tls engine
Type: feature
Change-Id: If6c095c9b737cb524a9232dcfa9be0f93f04d114
Signed-off-by: Florin Coras <fcoras@cisco.com>
diff --git a/src/vcl/vcl_bapi.c b/src/vcl/vcl_bapi.c
index 7e745c1..be7ce6b 100644
--- a/src/vcl/vcl_bapi.c
+++ b/src/vcl/vcl_bapi.c
@@ -360,11 +360,14 @@
vppcom_app_send_attach (void)
{
vcl_worker_t *wrk = vcl_worker_get_current ();
+ u8 tls_engine = CRYPTO_ENGINE_OPENSSL;
vl_api_app_attach_t *bmp;
u8 nsid_len = vec_len (vcm->cfg.namespace_id);
u8 app_is_proxy = (vcm->cfg.app_proxy_transport_tcp ||
vcm->cfg.app_proxy_transport_udp);
+ tls_engine = vcm->cfg.tls_engine ? vcm->cfg.tls_engine : tls_engine;
+
bmp = vl_msg_api_alloc (sizeof (*bmp));
memset (bmp, 0, sizeof (*bmp));
@@ -387,7 +390,7 @@
bmp->options[APP_OPTIONS_PREALLOC_FIFO_PAIRS] =
vcm->cfg.preallocated_fifo_pairs;
bmp->options[APP_OPTIONS_EVT_QUEUE_SIZE] = vcm->cfg.event_queue_size;
- bmp->options[APP_OPTIONS_TLS_ENGINE] = CRYPTO_ENGINE_OPENSSL;
+ bmp->options[APP_OPTIONS_TLS_ENGINE] = tls_engine;
if (nsid_len)
{
bmp->namespace_id_len = nsid_len;
diff --git a/src/vcl/vcl_cfg.c b/src/vcl/vcl_cfg.c
index 21fa0fa..cce60ba 100644
--- a/src/vcl/vcl_cfg.c
+++ b/src/vcl/vcl_cfg.c
@@ -499,6 +499,12 @@
VCFG_DBG (0, "VCL<%d>: configured with mq with eventfd",
getpid ());
}
+ else if (unformat (line_input, "tls-engine %u",
+ &vcl_cfg->tls_engine))
+ {
+ VCFG_DBG (0, "VCL<%d>: configured tls-engine %u (0x%x)",
+ getpid (), vcl_cfg->tls_engine, vcl_cfg->tls_engine);
+ }
else if (unformat (line_input, "}"))
{
vc_cfg_input = 0;
diff --git a/src/vcl/vcl_private.h b/src/vcl/vcl_private.h
index 7746862..8fdf755 100644
--- a/src/vcl/vcl_private.h
+++ b/src/vcl/vcl_private.h
@@ -211,6 +211,7 @@
char *event_log_path;
u8 *vpp_api_filename;
u8 *vpp_api_socket_name;
+ u32 tls_engine;
} vppcom_cfg_t;
void vppcom_cfg (vppcom_cfg_t * vcl_cfg);