forked from anobli/gbridge
-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gbridge: controllers: add a tls controller #6
Comments
cfriedt
added a commit
that referenced
this issue
Dec 26, 2020
This change adds a new TLS controller based off of the TCP/IP controller. The TLS controller allows the user to specify a) a CA cert (for when self-signed certificates are used on the device) b) a client certificate & key (for when the device is configured to also authenticate the client) Also organized cflags and ldlibs in Makefile.am. Fixes #6 Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
cfriedt
added a commit
that referenced
this issue
Dec 27, 2020
This change adds a new TLS controller based off of the TCP/IP controller. The TLS controller allows the user to specify a) a CA cert (for when self-signed certificates are used on the device) b) a client certificate & key (for when the device is configured to also authenticate the client) Also organized cflags and ldlibs in Makefile.am. Fixes #6 Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
cfriedt
added a commit
that referenced
this issue
Dec 27, 2020
This change adds a new TLS controller based off of the TCP/IP controller. The TLS controller allows the user to specify a) a CA cert (for when self-signed certificates are used on the device) b) a client certificate & key (for when the device is configured to also authenticate the client) Also organized cflags and ldlibs in Makefile.am. Fixes #6 Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
cfriedt
added a commit
that referenced
this issue
Dec 27, 2020
This change adds a new TLS controller based off of the TCP/IP controller. The TLS controller allows the user to specify a) a CA cert (for when self-signed certificates are used on the device) b) a client certificate & key (for when the device is configured to also authenticate the client) Also organized cflags and ldlibs in Makefile.am. Fixes #6 Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
cfriedt
added a commit
that referenced
this issue
Dec 28, 2020
This change adds a new TLS controller based off of the TCP/IP controller. The TLS controller allows the user to specify a) a CA cert (for when self-signed certificates are used on the device) b) a client certificate & key (for when the device is configured to also authenticate the client) Also organized cflags and ldlibs in Makefile.am. Fixes #6 Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
cfriedt
added a commit
that referenced
this issue
Dec 28, 2020
This change adds a new TLS controller based off of the TCP/IP controller. The TLS controller allows the user to specify a) a CA cert (for when self-signed certificates are used on the device) b) a client certificate & key (for when the device is configured to also authenticate the client) Also organized cflags and ldlibs in Makefile.am. Fixes #6 Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
cfriedt
added a commit
that referenced
this issue
Dec 28, 2020
This change adds a new TLS controller based off of the TCP/IP controller. The TLS controller allows the user to specify a) a CA cert (for when self-signed certificates are used on the device) b) a client certificate & key (for when the device is configured to also authenticate the client) Also organized cflags and ldlibs in Makefile.am. Fixes #6 Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This change is required to support cfriedt/greybus-for-zephyr#25, in which TLS support was added to greybus-for-zephyr.
In this context, gbridge is the client and Zephyr (or some other process / device) is the server, "certificate" is synonymous with "public key", etc.
In this ticket, we would like to enable TLS support for 2 possible configurations:
In both of the above cases, usage of the standard TLS 1.2 protocol ensures that industry standard symmetric key negotiation and encryption practices are used after authentication is performed.
OpenSSL has s_server.c and s_client.c as examples with server and client documentation.
The text was updated successfully, but these errors were encountered: