From c266796caaaf8a8c2a6c4a971a5fc18975b73f8e Mon Sep 17 00:00:00 2001
From: Holger Hans Peter Freyther <holger@moiji-mobile.com>
Date: Thu, 25 Aug 2016 23:07:44 +0200
Subject: client: Initial support for TLS in the client

Use GNUtls because it is GPL compatible and instead of mbedTLS seems
to have a working non-blocking I/O integration. GNUtls has various
issues that could not be resolved easily:

* Pick spdy as sub protocol
* gmt_time not randomized
* private key loaded to RAM (but not verified)

This is the beginning and not the end. Client support might need more
work with actual tls verification. Maybe more manual x509 cert
verification is needed and maybe client certs don't work at all. I try
to ignore renegotiation as I threw away the key.

Reload x509 creds and keys as they might have changed from one
connection to another.

Change-Id: I9128e14084da1fc2705f858393f98b8133996172
---
 configure.ac | 1 +
 1 file changed, 1 insertion(+)

(limited to 'configure.ac')

diff --git a/configure.ac b/configure.ac
index fbd1331..4c0a12f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -63,6 +63,7 @@ PKG_CHECK_MODULES(LIBOSMOCORE, libosmocore >= 0.3.2)
 PKG_CHECK_MODULES(LIBOSMOGSM, libosmogsm >= 0.3.2)
 PKG_CHECK_MODULES(LIBOSMOVTY, libosmovty >= 0.3.0)
 PKG_CHECK_MODULES(LIBZMQ, libzmq >= 3.2.2)
+PKG_CHECK_MODULES(LIBGNUTLS, gnutls)
 
 
 # Coverage build taken from WebKit's configure.in
-- 
cgit v1.2.3