gbridge: controllers: add a tls controller #6
Assignees
Comments
cfriedt
added a commit
that referenced
this issue
Dec 26, 2020
This change adds a new TLS controller based off of the TCP/IP controller. The TLS controller allows the user to specify a) a CA cert (for when self-signed certificates are used on the device) b) a client certificate & key (for when the device is configured to also authenticate the client) Also organized cflags and ldlibs in Makefile.am. Fixes #6 Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
cfriedt
added a commit
that referenced
this issue
Dec 27, 2020
This change adds a new TLS controller based off of the TCP/IP controller. The TLS controller allows the user to specify a) a CA cert (for when self-signed certificates are used on the device) b) a client certificate & key (for when the device is configured to also authenticate the client) Also organized cflags and ldlibs in Makefile.am. Fixes #6 Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
cfriedt
added a commit
that referenced
this issue
Dec 27, 2020
This change adds a new TLS controller based off of the TCP/IP controller. The TLS controller allows the user to specify a) a CA cert (for when self-signed certificates are used on the device) b) a client certificate & key (for when the device is configured to also authenticate the client) Also organized cflags and ldlibs in Makefile.am. Fixes #6 Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
cfriedt
added a commit
that referenced
this issue
Dec 27, 2020
This change adds a new TLS controller based off of the TCP/IP controller. The TLS controller allows the user to specify a) a CA cert (for when self-signed certificates are used on the device) b) a client certificate & key (for when the device is configured to also authenticate the client) Also organized cflags and ldlibs in Makefile.am. Fixes #6 Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
cfriedt
added a commit
that referenced
this issue
Dec 28, 2020
This change adds a new TLS controller based off of the TCP/IP controller. The TLS controller allows the user to specify a) a CA cert (for when self-signed certificates are used on the device) b) a client certificate & key (for when the device is configured to also authenticate the client) Also organized cflags and ldlibs in Makefile.am. Fixes #6 Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
cfriedt
added a commit
that referenced
this issue
Dec 28, 2020
This change adds a new TLS controller based off of the TCP/IP controller. The TLS controller allows the user to specify a) a CA cert (for when self-signed certificates are used on the device) b) a client certificate & key (for when the device is configured to also authenticate the client) Also organized cflags and ldlibs in Makefile.am. Fixes #6 Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
cfriedt
added a commit
that referenced
this issue
Dec 28, 2020
This change adds a new TLS controller based off of the TCP/IP controller. The TLS controller allows the user to specify a) a CA cert (for when self-signed certificates are used on the device) b) a client certificate & key (for when the device is configured to also authenticate the client) Also organized cflags and ldlibs in Makefile.am. Fixes #6 Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This change is required to support cfriedt/greybus-for-zephyr#25, in which TLS support was added to greybus-for-zephyr.
In this context, gbridge is the client and Zephyr (or some other process / device) is the server, "certificate" is synonymous with "public key", etc.
In this ticket, we would like to enable TLS support for 2 possible configurations:
In both of the above cases, usage of the standard TLS 1.2 protocol ensures that industry standard symmetric key negotiation and encryption practices are used after authentication is performed.
OpenSSL has s_server.c and s_client.c as examples with server and client documentation.
The text was updated successfully, but these errors were encountered: