osmo-pcap

Commit Graph

Author	SHA1	Message	Date
Holger Hans Peter Freyther	c266796caa	client: Initial support for TLS in the client Use GNUtls because it is GPL compatible and instead of mbedTLS seems to have a working non-blocking I/O integration. GNUtls has various issues that could not be resolved easily: * Pick spdy as sub protocol * gmt_time not randomized * private key loaded to RAM (but not verified) This is the beginning and not the end. Client support might need more work with actual tls verification. Maybe more manual x509 cert verification is needed and maybe client certs don't work at all. I try to ignore renegotiation as I threw away the key. Reload x509 creds and keys as they might have changed from one connection to another. Change-Id: I9128e14084da1fc2705f858393f98b8133996172	2016-09-08 16:16:55 +02:00

Author

SHA1

Message

Date

Holger Hans Peter Freyther

c266796caa

client: Initial support for TLS in the client

Use GNUtls because it is GPL compatible and instead of mbedTLS seems
to have a working non-blocking I/O integration. GNUtls has various
issues that could not be resolved easily:

* Pick spdy as sub protocol
* gmt_time not randomized
* private key loaded to RAM (but not verified)

This is the beginning and not the end. Client support might need more
work with actual tls verification. Maybe more manual x509 cert
verification is needed and maybe client certs don't work at all. I try
to ignore renegotiation as I threw away the key.

Reload x509 creds and keys as they might have changed from one
connection to another.

Change-Id: I9128e14084da1fc2705f858393f98b8133996172

2016-09-08 16:16:55 +02:00

1 Commits