authorHolger Hans Peter Freyther <holger@moiji-mobile.com>2016-08-25 23:07:44 +0200
committerHolger Hans Peter Freyther <holger@moiji-mobile.com>2016-09-08 16:16:55 +0200
commitc266796caaaf8a8c2a6c4a971a5fc18975b73f8e (patch)
treea88b5f91da0b7330bd044ce54b87f17d6d47465d /include/osmo-pcap/osmo_pcap_client.h
parentc1c194393b1c568961623c939efd5ae118903440 (diff)
client: Initial support for TLS in the client
Use GNUtls because it is GPL compatible and, unlike mbedTLS, seems to have a working non-blocking I/O integration. GNUtls has various issues that could not be resolved easily:
* Pick spdy as sub protocol
* gmt_time not randomized
* private key loaded to RAM (but not verified)

This is the beginning and not the end. Client support might need more work with actual tls verification. Maybe more manual x509 cert verification is needed and maybe client certs don't work at all. I try to ignore renegotiation as I threw away the key.

Reload x509 creds and keys as they might have changed from one connection to another.

Change-Id: I9128e14084da1fc2705f858393f98b8133996172
Diffstat (limited to 'include/osmo-pcap/osmo_pcap_client.h')
1 files changed, 16 insertions, 0 deletions
diff --git a/include/osmo-pcap/osmo_pcap_client.h b/include/osmo-pcap/osmo_pcap_client.h
index 4367e4c..b8ceb38 100644
--- a/include/osmo-pcap/osmo_pcap_client.h
+++ b/include/osmo-pcap/osmo_pcap_client.h
@@ -20,6 +20,8 @@
+#include "osmo_tls.h"
#include <inttypes.h>
#include <pcap.h>
@@ -64,6 +66,20 @@ struct osmo_pcap_client {
struct osmo_wqueue wqueue;
struct osmo_timer_list timer;
+ /* TLS handling */
+ bool tls_on;
+ bool tls_verify;
+ char *tls_hostname;
+ char *tls_capath;
+ char *tls_priority;
+ char *tls_client_cert;
+ char *tls_client_key;
+ unsigned tls_log_level;
+ struct osmo_tls_session tls_session;
/* statistics */
struct rate_ctr_group *ctrg;
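Review bot: `tls_verify` is added as a bare `bool` with no comment stating its default or what is skipped when it is false, so a zero-initialised client would presumably run with `tls_on` set but certificate verification off, leaving the link encrypted yet unauthenticated. The allocation and configuration defaults are not visible in this hunk, so that needs confirming, but the header should carry the contract either way, e.g. `bool tls_verify; /* verify server chain against tls_capath and peer name against tls_hostname; keep enabled outside of testing */`. It would also help to say on `tls_client_cert` / `tls_client_key` that these are (presumably) file paths rather than key material, and to note who owns and frees the `char *` strings. The struct definition starts and ends outside the hunk.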