path: root/src/osmo_tls.c
Age | Commit message | Author | Files | Lines
2016-11-09 | client: Finish renaming client to conn in other places of the code | Holger Hans Peter Freyther | 1 | -10/+10
Change-Id: I3c7c499c921b03752cbbcdda3eac8ca360323a22
2016-11-09 | client: Prepare to have multiple server connections | Holger Hans Peter Freyther | 1 | -2/+2
Take out various fields into a new connection class. We will have the option to connect to multiple servers.
Change-Id: I820176d133fbdb0240a16eb4e1a6d505e5c080c6
2016-09-08 | server: Add vty interface for the TLS configuration | Holger Hans Peter Freyther | 1 | -14/+109
Make the priority configurable, load DH params, allow to specify certificates or anonymous operations.
Change-Id: I8ec3c0f8e1ee2089e1b7dacd9de842260930032f
2016-09-08 | server: Introduce tls mode for the server | Holger Hans Peter Freyther | 1 | -1/+113
Using tls priority of NORMAL:+ANON-ECDH:+ANON-DH already allows a client to connect to a server and protect the data using tls. Generate the dh params on load (and do that for the client right now as well) but that will go away soon.
Change-Id: Ifa2ad24c0a631573c259a3bf94b91a946ad9ec9d
2016-09-08 | client: Initial support for TLS in the client | Holger Hans Peter Freyther | 1 | -0/+351
Use GNUtls because it is GPL compatible and instead of mbedTLS seems to have a working non-blocking I/O integration.
GNUtls has various issues that could not be resolved easily:
* Pick spdy as sub protocol
* gmt_time not randomized
* private key loaded to RAM (but not verified)
This is the beginning and not the end. Client support might need more work with actual tls verification. Maybe more manual x509 cert verification is needed and maybe client certs don't work at all. I try to ignore renegotiation as I threw away the key. Reload x509 creds and keys as they might have changed from one connection to another.
Change-Id: I9128e14084da1fc2705f858393f98b8133996172