tls: enforce certificate verification 72/10972/9
authorFlorin Coras <fcoras@cisco.com>
Tue, 6 Mar 2018 00:53:07 +0000 (16:53 -0800)
committerDave Barach <openvpp@barachs.net>
Wed, 7 Mar 2018 13:27:59 +0000 (13:27 +0000)
commit8f89dd01289ea9e97405432d2351a19c842dd6d5
tree67ab5d20f9ebbd34ee8d9fec2dfc3d97297fd0f7
parent7139e757b13212f3fd8e3f3f401018375fed0c61
tls: enforce certificate verification

- add option to use test certificate in the ca chain
- add hostname to extended session endpoint fields and connect api
  parameters. If hostname is present, certificate validation is
  enforced.
- use /etc/ssl/certs/ca-certificates.crt to bootstrap CA cert. A
  different path can be provided via startup config

Change-Id: I046f9c6ff3ae6a9c2d71220cb62eca8f7b10e5fb
Signed-off-by: Florin Coras <fcoras@cisco.com>
src/tests/vnet/session/tcp_echo.c
src/vnet/session-apps/echo_client.c
src/vnet/session-apps/proxy.c
src/vnet/session-apps/tls.c
src/vnet/session/application_interface.c
src/vnet/session/application_interface.h
src/vnet/session/session.api
src/vnet/session/session.c
src/vnet/session/session_api.c
src/vnet/session/session_test.c
src/vnet/session/stream_session.h