authorGarrett D'Amore <garrett@damore.org>2018-01-09 18:42:28 -0800
committerGarrett D'Amore <garrett@damore.org>2018-01-09 18:42:28 -0800
commit6dddc0bfcb79615b8be470a5e16918360d57cadb (patch)
tree9f12e0db8a343d4f803da1b9420a80ee0a9cc0ee /src/transport
parent5db0c399e3a2289e5b6dacdec4035a827eb8a16d (diff)
fixes #186 Suggested API changes for nng TLS certs
Diffstat (limited to 'src/transport')
-rw-r--r--src/transport/tls/tls.c113
-rw-r--r--src/transport/tls/tls.h38
2 files changed, 4 insertions, 147 deletions
diff --git a/src/transport/tls/tls.c b/src/transport/tls/tls.c
index 31426a78..408ff50c 100644
--- a/src/transport/tls/tls.c
+++ b/src/transport/tls/tls.c
@@ -843,93 +843,6 @@ tls_getopt_config(void *arg, void *v, size_t *szp)
}
static int
-tls_setopt_ca_cert(void *arg, const void *data, size_t sz)
-{
- nni_tls_ep *ep = arg;
-
- if (ep == NULL) {
- return (0);
- }
- return (nng_tls_config_ca_cert(ep->cfg, data, sz));
-}
-
-static int
-tls_setopt_cert(void *arg, const void *data, size_t sz)
-{
- nni_tls_ep *ep = arg;
-
- if (ep == NULL) {
- return (0);
- }
- return (nng_tls_config_cert(ep->cfg, data, sz));
-}
-
-static int
-tls_setopt_private_key(void *arg, const void *data, size_t sz)
-{
- nni_tls_ep *ep = arg;
-
- if (ep == NULL) {
- return (0);
- }
- return (nng_tls_config_key(ep->cfg, data, sz));
-}
-
-static int
-tls_setopt_pass(void *arg, const void *data, size_t sz)
-{
- nni_tls_ep *ep = arg;
- size_t len;
-
- len = nni_strnlen(data, sz);
- if (len >= sz) {
- return (NNG_EINVAL);
- }
-
- if (ep == NULL) {
- return (0);
- }
- return (nng_tls_config_pass(ep->cfg, data));
-}
-
-static int
-tls_getopt_auth_mode(void *arg, void *v, size_t *szp)
-{
- nni_tls_ep *ep = arg;
- return (nni_getopt_int(ep->authmode, v, szp));
-}
-
-static int
-tls_setopt_auth_mode(void *arg, const void *data, size_t sz)
-{
- nni_tls_ep *ep = arg;
- int mode;
- int rv;
-
- rv = nni_setopt_int(&mode, data, sz, -100, 100);
- if (rv == 0) {
- switch (mode) {
- case NNG_TLS_AUTH_MODE_NONE:
- case NNG_TLS_AUTH_MODE_OPTIONAL:
- case NNG_TLS_AUTH_MODE_REQUIRED:
- break;
- default:
- rv = NNG_EINVAL;
- break;
- }
- }
-
- if ((ep == NULL) || (rv != 0)) {
- return (rv);
- }
-
- if ((rv = nng_tls_config_auth_mode(ep->cfg, mode)) == 0) {
- ep->authmode = mode;
- }
- return (rv);
-}
-
-static int
tls_getopt_verified(void *arg, void *v, size_t *szp)
{
nni_tls_pipe *p = arg;
@@ -973,32 +886,6 @@ static nni_tran_ep_option nni_tls_ep_options[] = {
.eo_getopt = tls_getopt_config,
.eo_setopt = tls_setopt_config,
},
- {
- .eo_name = NNG_OPT_TLS_CA_CERT,
- .eo_getopt = NULL,
- .eo_setopt = tls_setopt_ca_cert,
- },
- {
- .eo_name = NNG_OPT_TLS_CERT,
- .eo_getopt = NULL,
- .eo_setopt = tls_setopt_cert,
- },
- {
- .eo_name = NNG_OPT_TLS_PRIVATE_KEY,
- .eo_getopt = NULL,
- .eo_setopt = tls_setopt_private_key,
- },
- {
- .eo_name = NNG_OPT_TLS_PRIVATE_KEY_PASSWORD,
- .eo_getopt = NULL,
- .eo_setopt = tls_setopt_pass,
- },
- {
- .eo_name = NNG_OPT_TLS_AUTH_MODE,
- .eo_getopt = tls_getopt_auth_mode,
- .eo_setopt = tls_setopt_auth_mode,
- },
-
// terminate list
{ NULL, NULL, NULL },
};
diff --git a/src/transport/tls/tls.h b/src/transport/tls/tls.h
index b36ee774..25edfa3a 100644
--- a/src/transport/tls/tls.h
+++ b/src/transport/tls/tls.h
@@ -1,6 +1,6 @@
//
-// Copyright 2017 Staysail Systems, Inc. <info@staysail.tech>
-// Copyright 2017 Capitar IT Group BV <info@capitar.com>
+// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
//
// This software is supplied under the terms of the MIT License, a
// copy of which should be located in the distribution where this
@@ -19,42 +19,12 @@ NNG_DECL int nng_tls_register(void);
// started. Once started, it is no longer possible to alter the TLS
// configuration.
-// NNG_OPT_TLS_CA_CERT is a string with one or more X.509 certificates,
-// representing the entire CA chain. The content may be either PEM or DER
-// encoded.
-#define NNG_OPT_TLS_CA_CERT "tls:ca-cert"
-
-// NNG_OPT_TLS_CRL is a PEM encoded CRL (revocation list). Multiple lists
-// may be loaded by using this option multiple times.
-#define NNG_OPT_TLS_CRL "tls:crl"
-
-// NNG_OPT_TLS_CERT is used to specify our own certificate. At present
-// only one certificate may be supplied. (In the future it may be
-// possible to call this multiple times, for servers that select different
-// certificates depending upon client capabilities.)
-#define NNG_OPT_TLS_CERT "tls:cert"
-
-// NNG_OPT_TLS_PRIVATE_KEY is used to specify the private key used
-// with the given certificate. This should be called after setting
-// the certificate. The private key may be in PEM or DER format.
-// If in PEM encoded, a terminating ZERO byte should be included.
-#define NNG_OPT_TLS_PRIVATE_KEY "tls:private-key"
-
-// NNG_OPT_TLS_PRIVATE_KEY_PASSWORD is used to specify a password
-// used for the private key. The value is an ASCIIZ string.
-#define NNG_OPT_TLS_PRIVATE_KEY_PASSWORD "tls:private-key-password"
-
-// NNG_OPT_TLS_AUTH_MODE is an integer indicating whether our
-// peer should be verified or not. It is required on clients/dialers,
-// and off on servers/listeners, by default.
-#define NNG_OPT_TLS_AUTH_MODE "tls:auth-mode"
-
// NNG_OPT_TLS_AUTH_VERIFIED is a boolean that can be read on pipes,
// indicating whether the peer certificate is verified.
#define NNG_OPT_TLS_AUTH_VERIFIED "tls:auth-verified"
+// NNG_OPT_TLS_CONFIG is used to access the underlying configuration
+// (an nng_tls_config *).
#define NNG_OPT_TLS_CONFIG "tls:config"
-// XXX: TBD: Ciphersuite selection and reporting. Session reuse?
-
#endif // NNG_TRANSPORT_TLS_TLS_H
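Review bot: The new comment for NNG_OPT_TLS_CONFIG is the only documentation left in this header for TLS configuration, yet it does not say how the option is used or that it is now the sole route for certificates, keys and peer authentication mode, which the removed text for NNG_OPT_TLS_CA_CERT through NNG_OPT_TLS_AUTH_MODE previously covered. The old side of the tls.c hunk shows both a getopt and a setopt for this option, and the deleted setters called nng_tls_config_ca_cert, nng_tls_config_cert, nng_tls_config_key, nng_tls_config_pass and nng_tls_config_auth_mode, so a one-line pointer to that API would keep the header self-explanatory. The removed NNG_OPT_TLS_AUTH_MODE text was also the only place here stating the default verification behaviour (required on dialers, off on listeners); if that default still applies it should be stated with the config API rather than silently dropped. Suggested comment: `// NNG_OPT_TLS_CONFIG is a pointer (nng_tls_config *) to the underlying TLS configuration; certificates, keys and the peer authentication mode are set through the nng_tls_config_* functions on that object, and the option cannot be changed after the endpoint is started.`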