Take out various fields into a new connection class. We will have the
option to connect to multiple servers.
Change-Id: I820176d133fbdb0240a16eb4e1a6d505e5c080c6

Make the priority configurable, load DH params, allow specifying
certificates or anonymous operation.
Change-Id: I8ec3c0f8e1ee2089e1b7dacd9de842260930032f

Using a TLS priority of NORMAL:+ANON-ECDH:+ANON-DH already allows a
client to connect to a server and protect the data using TLS.
Generate the DH params on load (and do that for the client right
now as well), but that will go away soon.
Change-Id: Ifa2ad24c0a631573c259a3bf94b91a946ad9ec9d

Use GnuTLS because it is GPL compatible and, unlike mbedTLS, seems
to have a working non-blocking I/O integration. GnuTLS has various
issues that could not be resolved easily:
* Pick spdy as sub protocol
* gmt_time not randomized
* private key loaded to RAM (but not verified)
This is the beginning and not the end. Client support might need more
work with actual tls verification. Maybe more manual x509 cert
verification is needed and maybe client certs don't work at all. I try
to ignore renegotiation as I threw away the key.
Reload x509 creds and keys as they might have changed from one
connection to another.
Change-Id: I9128e14084da1fc2705f858393f98b8133996172