From 02178a8b5843a2c5a59fb7b104e4f9f5df1ff5ee Mon Sep 17 00:00:00 2001 From: Garrett D'Amore Date: Thu, 9 Nov 2017 14:09:14 -0800 Subject: fixes #3 TLS transport This introduces a new transport (compatible with the TLS transport from mangos), using TLS v1.2. To use the new transport, you must have the mbed TLS library available on your system (Xenial libmbedtls-dev). You can use version 2.x or newer -- 1.3.x and PolarSSL versions are not supported. You enable the TLS transport with -DNNG_TRANSPORT_TLS=ON in the CMake configuration. You must configure the server certificate by default, and this can only be done using nng options. See the nng_tls man page for details. This work is experimental, and was made possible by Capitar IT Group BV, and Staysail Systems, Inc. --- cmake/FindmbedTLS.cmake | 80 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 cmake/FindmbedTLS.cmake (limited to 'cmake') diff --git a/cmake/FindmbedTLS.cmake b/cmake/FindmbedTLS.cmake new file mode 100644 index 00000000..e0c0aa5a --- /dev/null +++ b/cmake/FindmbedTLS.cmake @@ -0,0 +1,80 @@ +# +# Copyright 2017 Garrett D'Amore +# Copyright 2017 Capitar IT Group BV +# +# This software is supplied under the terms of the MIT License, a +# copy of which should be located in the distribution where this +# file was obtained (LICENSE.txt). A copy of the license may also be +# found online at https://opensource.org/licenses/MIT. +# + +# +# Try to find the mbed TLS libraries. +# +# Sets the following: +# +# MBEDTLS_INCLUDE_DIR - Where to find ssl.h, etc. +# MBEDTLS_FOUND - True if we found mbedtls. +# MBEDTLS_CRYPTO_LIBRARY - The mbedcrypto library. +# MBEDTLS_X509_LIBRARY - The mbedx509 library. +# MBEDTLS_TLS_LIBRARY - The mbedtls library. +# MBEDTLS_LIBRARIES - List of all three mbedtls libraries. +# MBEDTLS_VERSION - $major.$minor.$revision (e.g. ``2.6.0``). +# +# Hints: +# +# Set ``MBEDTLS_ROOT_DIR`` to the root directory of mbed TLS installation. +# + +set(_MBEDTLS_ROOT_HINTS ${MBEDTLS_ROOT_DIR} ENV MBEDTLS_ROOT_DIR) + +include(FindPackageHandleStandardArgs) + +find_path(MBEDTLS_INCLUDE_DIR + NAMES mbedtls/ssl.h + HINTS ${_MBEDTLS_ROOT_HINTS} + PATHS /usr/local + PATH_SUFFIXES include) + +find_library(MBEDTLS_CRYPTO_LIBRARY + NAMES mbedcrypto + HINTS ${_MBEDTLS_ROOT_HINTS} + PATHS /usr/local + PATH_SUFFIXES lib) + +find_library(MBEDTLS_X509_LIBRARY + NAMES mbedx509 + HINTS ${_MBEDTLS_ROOT_HINTS} + PATHS /usr/local + PATH_SUFFIXES lib) + +find_library(MBEDTLS_TLS_LIBRARY + NAMES mbedtls + HINTS ${_MBEDTLS_ROOT_HINTS} + PATHS /usr/local + PATH_SUFFIXES lib) + +set(MBEDTLS_LIBRARIES + ${MBEDTLS_TLS_LIBRARY} + ${MBEDTLS_X509_LIBRARY} + ${MBEDTLS_CRYPTO_LIBRARY}) + +if (${MBEDTLS_TLS_LIBRARY-NOTFOUND}) + message(FATAL_ERROR "Failed to find mbed TLS library") +endif() + +mark_as_advanced( + MBEDSSL_INCLUDE_DIR + MBEDTLS_LIBRRIES + MBEDTLS_CRYPTO_LIBRARY + MBEDTLS_X509_LIBRARY + MBEDTLS_TLS_LIBRARY) + +# Extract the version from the header... hopefully it matches the library. +file(STRINGS ${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h _MBEDTLS_VERLINE + REGEX "^#define[ \t]+MBEDTLS_VERSION_STRING[\t ].*") +string(REGEX REPLACE ".*MBEDTLS_VERSION_STRING[\t ]+\"(.*)\"" "\\1" MBEDTLS_VERSION ${_MBEDTLS_VERLINE}) + +find_package_handle_standard_args(mbedTLS + REQUIRED_VARS MBEDTLS_TLS_LIBRARY MBEDTLS_CRYPTO_LIBRARY MBEDTLS_X509_LIBRARY MBEDTLS_INCLUDE_DIR VERSION_VAR MBEDTLS_VERSION) + -- cgit v1.2.3-70-g09d2