authorHolger Hans Peter Freyther <holger@moiji-mobile.com>2016-09-06 11:38:56 +0200
committerHolger Hans Peter Freyther <holger@moiji-mobile.com>2016-09-08 16:17:01 +0200
commit9ea4da4bbbf90396b9b0694c0bf91712afce44f4 (patch)
tree2671c874efb167e6950d2fdf552ac1532b93b243 /include/osmo-pcap
parent064d2242881acff7a0d7f4877179559454163a57 (diff)
server: Introduce tls mode for the server
Using tls priority of NORMAL:+ANON-ECDH:+ANON-DH already allows a client to connect to a server and protect the data using tls. Generate the dh params on load (and do that for the client right now as well) but that will go away soon. Change-Id: Ifa2ad24c0a631573c259a3bf94b91a946ad9ec9d
Diffstat (limited to 'include/osmo-pcap')
-rw-r--r--include/osmo-pcap/osmo_pcap_server.h15
-rw-r--r--include/osmo-pcap/osmo_tls.h10
2 files changed, 25 insertions, 0 deletions
diff --git a/include/osmo-pcap/osmo_pcap_server.h b/include/osmo-pcap/osmo_pcap_server.h
index 6facbe3..89c3df2 100644
--- a/include/osmo-pcap/osmo_pcap_server.h
+++ b/include/osmo-pcap/osmo_pcap_server.h
@@ -24,6 +24,7 @@
#define OSMO_PCAP_SERVER_H
#include "wireformat.h"
+#include "osmo_tls.h"
#include <osmocom/core/select.h>
#include <osmocom/core/linuxlist.h>
@@ -35,6 +36,7 @@
#include <pcap.h>
+#include <stdbool.h>
#include <time.h>
struct rate_ctr_group;
@@ -94,6 +96,12 @@ struct osmo_pcap_conn {
/* statistics */
struct rate_ctr_group *ctrg;
+
+ /* tls */
+ bool tls_use;
+ bool direct_read;
+ size_t tls_limit_read;
+ struct osmo_tls_session tls_session;
};
struct osmo_pcap_server {
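Review bot: The fields added to `struct osmo_pcap_conn` under the bare `/* tls */` heading have no per-field comment, and `direct_read` and `tls_limit_read` are not self-explanatory. A limit that steers a network receive path should have its unit, its setter and the meaning of zero written down, so a later change cannot quietly turn it into an unbounded read. I would add one comment per field, for example `/* max bytes the next TLS read may consume; confirm unit and reset point */` above `tls_limit_read`. The struct starts outside this hunk, so how these fields are initialised is not visible here.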
@@ -109,6 +117,13 @@ struct osmo_pcap_server {
void *zmq_ctx;
void *zmq_publ;
+ /* tls base */
+ unsigned tls_log_level;
+ char *tls_priority;
+ char *tls_capath;
+ char *tls_server_cert;
+ char *tls_server_key;
+
char *base_path;
off_t max_size;
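Review bot: `tls_priority` is a free-form string with no comment on what a safe value looks like, while the commit message uses `NORMAL:+ANON-ECDH:+ANON-DH` as the working configuration. Anonymous key exchange encrypts the stream but authenticates neither peer, so a server running with that priority cannot tell the intended client from a party sitting on the path. I would say so next to the field, e.g. `/* GnuTLS priority string; ANON-* suites provide no peer authentication */`. The same block should state whether `tls_capath`, `tls_server_cert` and `tls_server_key` are file paths and who owns the strings. Since `tls_server_key` presumably names private key material, the comment can also record that the file is expected to be readable by the service user only.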
diff --git a/include/osmo-pcap/osmo_tls.h b/include/osmo-pcap/osmo_tls.h
index bfc813e..54fea4d 100644
--- a/include/osmo-pcap/osmo_tls.h
+++ b/include/osmo-pcap/osmo_tls.h
@@ -24,10 +24,13 @@
#include <gnutls/abstract.h>
#include <stdbool.h>
+#include <stdint.h>
struct osmo_fd;
struct osmo_wqueue;
struct osmo_pcap_client;
+struct osmo_pcap_conn;
+struct osmo_pcap_server;
struct osmo_tls_session {
bool in_use;
@@ -38,6 +41,8 @@ struct osmo_tls_session {
/* any credentials */
bool anon_alloc;
gnutls_anon_client_credentials_t anon_cred;
+ bool anon_serv_alloc;
+ gnutls_anon_server_credentials_t anon_serv_cred;
/* a x509 cert credential */
bool cert_alloc;
@@ -53,6 +58,7 @@ struct osmo_tls_session {
struct osmo_wqueue *wqueue;
+ int (*read)(struct osmo_tls_session *session);
void (*error)(struct osmo_tls_session *session);
void (*handshake_done)(struct osmo_tls_session *session);
};
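Review bot: The new `read` callback returns `int` while its neighbours `error` and `handshake_done` return `void`, and nothing in the header says what that return value means. Without that, an implementer cannot tell which values report a failed or short read, or whether the session may be released from inside the callback, which is the usual source of use-after-free in callback-driven I/O. I would add a comment above the member naming the success and failure values and stating whether `osmo_tls_release()` may be called from within it. `struct osmo_tls_session` starts outside this hunk.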
@@ -60,6 +66,10 @@ struct osmo_tls_session {
void osmo_tls_init(void);
bool osmo_tls_init_client_session(struct osmo_pcap_client *client);
+
+bool osmo_tls_init_server_session(struct osmo_pcap_conn *conn, struct osmo_pcap_server *server);
void osmo_tls_release(struct osmo_tls_session *);
int osmo_tls_client_bfd_cb(struct osmo_fd *fd, unsigned int what);
+
+size_t osmo_tls_pending(struct osmo_tls_session *session);
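Review bot: `osmo_tls_init_server_session()` reports failure only through its `bool` return, and the prototype has no comment on what the caller must do when it returns false. For a connection that has `tls_use` set, the safe reaction is to close it instead of continuing on the plain socket. A doc comment above the declaration, such as `/* returns false on setup failure; caller must drop conn, never fall back to cleartext */`, makes that contract checkable in review. `osmo_tls_pending()` should likewise get one line saying what the returned `size_t` counts, presumably bytes already decrypted and buffered in the session, to be confirmed against the implementation.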