| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
More direct access methods are provided instead.
This results in much lower friction when using, and is a step on the path
to removing NNG_OPT_LOCADDR as well.
We need to figure a solution for NNG_OPT_LOCADDR for dialers; for
listeners there is little use in it either, and it will be removed.
(Dialers will probably get a new NNG_OPT_BIND_IP option.)
|
| |
|
|
|
|
|
|
|
|
|
| |
We are *only* supporting 3.5 (or newer 3.x releases) as its the newest LTS version of OpenSSL.
This supports the full set of TLS features with NNG, including DTLS, PSK, TLS 1.3, etc.
Future work will explore making using of the QUIC support in OpenSSL.
Note that this OpenSSL work sits on top of NNG's TCP streams, so it cannot benefit from
Linux in-kernel TLS or other features such as TCP fast open at this time.
|
| | |
|
| |
|
|
|
|
| |
This will replace the NNG_OPT_TLS_PEER_ALTNAMES and NNG_OPT_TLS_PEER_CN
properties, and gives a bit more access to the certificate, as well as
direct access to the raw DER form, which should allow use in other APIs.
|
| |
|
|
|
|
| |
Also, some instances nni_aio are changed to nng_aio. We think we want to harmonize
some of these types going forward as it will reduce the need to include headers
hopefully letting us get away with just "defs.h" in more places.
|
| |
|
|
|
|
|
| |
This also provides an implementation for getting ALT names, although
nothing uses that yet. We plan to provide a new certificate API to
replace these with a nicer API, as obtaining the full list of certs
may be unreasonable.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This introduces a new experimental transport for DTLS, that
provides encryption over UDP. It has a simpler protocol than
the current UDP SP protocol (but we intend to fix that by making
the UDP transport simpler in a follow up!)
There are a few other fixes in the TLS layer itself, and in
the build, that were needed to accomplish this work.
Also there was an endianness bug in the UDP protocol handling, which
is fixed here.
|
| | |
|
| | |
|
| |
|
|
| |
This was occasionally causing "sigabrt" and similar failures in the tests.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Also, make it clearer that TLS keys and certificates can only
be set once on a configuration. (mbedTLS makes this confusing!)
This mutual test is only fully validated on mbed, because wolfSSL
seems to not properly validate this in many configurations.
|
| |
|
|
| |
Also add a test case for mismatch verify.
|
| | |
|
| |
|
|
|
|
|
| |
This eliminates most (but not all) of the dynamic allocations
associated with URL objects. A number of convenience fields
on the URL are removed, but we are able to use common buffer
for most of the details.
|
| |
|
|
|
| |
This was an undocumented capability provided for libnanomsg. The
correct way to obtain the same functionality is to use `NNG_OPT_LOCADDR`.
|
| |
|
|
| |
This is simpler, and more reliable than using socket options.
|
| |
|
|
|
| |
This lets us see that we are skipping tests due to lack of support,
and makes it a little clearer to an observer.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Transport specific options should be configured on the end point.
This has the most impact for TLS, as TLS dialers and listeners will
need to be allocated apriori, to configure TLS options.
Some legacy tests were removed... we're going to remove the legacy
libnanomsg compatibility layer anyway.
|
| |
|
|
| |
This is in preparation for the wolfSSL integration.
|
|
|
This also adds an SP layer transport test for TLS, based on the TCP
test but with some additions; this test does not cover all the edge
cases for TLS, but it does at least show how to use it.
|
