| author | Garrett D'Amore <garrett@damore.org> | 2017-11-09 14:09:14 -0800 |
|---|---|---|
| committer | Garrett D'Amore <garrett@damore.org> | 2017-11-20 21:49:09 -0800 |
| commit | 02178a8b5843a2c5a59fb7b104e4f9f5df1ff5ee (patch) | |
| tree | 122ee2bebf060aa26d6fa0778b877a6b7ca9b864 /src/supplemental/mbedtls/CMakeLists.txt | |
| parent | e8694d15d0a108895bf869f292d59e11d834361e (diff) | |
fixes #3 TLS transport
This introduces a new transport (compatible with the TLS
transport from mangos), using TLS v1.2.
To use the new transport, you must have the mbed TLS library
available on your system (Xenial libmbedtls-dev). You can use
version 2.x or newer -- 1.3.x and PolarSSL versions are not
supported.
You enable the TLS transport with -DNNG_TRANSPORT_TLS=ON in the CMake
configuration.
You must configure the server certificate by default, and this can only
be done using nng options. See the nng_tls man page for details.
This work is experimental, and was made possible by Capitar IT Group BV,
and Staysail Systems, Inc.
Diffstat (limited to 'src/supplemental/mbedtls/CMakeLists.txt')
| -rw-r--r-- | src/supplemental/mbedtls/CMakeLists.txt | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/src/supplemental/mbedtls/CMakeLists.txt b/src/supplemental/mbedtls/CMakeLists.txt
new file mode 100644
index 00000000..5c2de10b
--- /dev/null
+++ b/src/supplemental/mbedtls/CMakeLists.txt
@@ -0,0 +1,54 @@
+#
+# Copyright 2017 Garrett D'Amore <garrett@damore.org>
+# Copyright 2017 Capitar IT Group BV <info@capitar.com>
+#
+# This software is supplied under the terms of the MIT License, a
+# copy of which should be located in the distribution where this
+# file was obtained (LICENSE.txt). A copy of the license may also be
+# found online at https://opensource.org/licenses/MIT.
+#
+
+# MBEDTLS library
+
+# This requires the mbedTLS library be installed somewhere. You can
+# point this at a suitable installation of mbedTLS by setting
+# MBEDTLS_ROOT_DIR to point at the root of the installation (prefix).
+
+# It is possible to minimize the mbedTLS library quite a bit. We do
+# not require legacy algorithms, the net_sockets layer, the filesystem
+# I/O, as well as various other tidbits. We provide an entropy source,
+# so you can disable that in mbedTLS too. You may disable fallback support,
+# as we only support TLS v1.2 at present. (You may also therefore remove
+# code to support older versions of TLS/SSL.) You may also remove DTLS,
+# since we're not using it now (nor are we likely to in the near feature).
+# Also you may remove support for ZLIB compression, we don't use it either
+# (and it would be insecure to do so.) PEM and X509 writing (encoding)
+# is not needed (but parse support is!) You may also remove session support,
+# as we don't use that either.
+#
+# (Look for a sample config.h in this directory, if you want to build
+# a minimized version just for nng.)
+
+# What we do require is support for TLSv1.2
+
+if (NNG_MBEDTLS_ENABLE)
+ set(SUPP_SOURCES supplemental/mbedtls/tls.c supplemental/tls.h)
+ Find_Package(mbedTLS REQUIRED)
+
+ # If it isn't already in the link list, add the TLS libraries there.
+ # or something, so we take care not to duplicate it).
+ list(FIND NNG_REQUIRED_LIBRARIES ${MBEDTLS_TLS_LIBRARY} _index)
+ if (_index EQUAL -1)
+ set(NNG_REQUIRED_LIBRARIES ${NNG_REQUIRED_LIBRARIES} ${MBEDTLS_LIBRARIES})
+ set(NNG_REQUIRED_LIBRARIES ${NNG_REQUIRED_LIBRARIES} PARENT_SCOPE)
+ endif()
+
+ # Likewise for the include search path.
+ list(FIND NNG_REQUIRED_INCLUDES ${MBEDTLS_INCLUDE_DIR} _index)
+ if (_index EQUAL -1)
+ set(NNG_REQUIRED_INCLUDES ${NNG_REQUIRED_INCLUDES} ${MBEDTLS_INCLUDE_DIR})
+ set(NNG_REQUIRED_INCLUDES ${NNG_REQUIRED_INCLUDES} PARENT_SCOPE)
+ endif()
+endif()
+
+set(NNG_SOURCES ${NNG_SOURCES} ${SUPP_SOURCES} PARENT_SCOPE) |
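Review bot: The duplicate check inside `if (NNG_MBEDTLS_ENABLE)` searches for `${MBEDTLS_TLS_LIBRARY}` but then appends `${MBEDTLS_LIBRARIES}`, and both `list(FIND ...)` calls expand their search value unquoted, so an empty variable leaves `list(FIND)` short of an argument and aborts configuration with a misleading error. Quoting the value, `list(FIND NNG_REQUIRED_LIBRARIES "${MBEDTLS_TLS_LIBRARY}" _index)` and likewise `"${MBEDTLS_INCLUDE_DIR}"`, keeps the call well-formed; which variables the find module sets is not visible in this hunk, so confirm the searched key matches what is appended. The commit message says mbed TLS 1.3.x and PolarSSL are unsupported, yet `Find_Package(mbedTLS REQUIRED)` states no minimum version, so an outdated install would presumably be caught only at compile time, if at all; if the find module reports a version, `find_package(mbedTLS 2.0 REQUIRED)` would enforce the floor at configure time. The comment line `# or something, so we take care not to duplicate it).` is a leftover fragment and should be completed or dropped.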
