Implements setsockopt() for the socket offload driver to process the TLS tags sent in via the Zephyr setsockopt() API, when CONFIG_NET_SOCKETS_SOCKOPT_TLS is chosen. For each tag, the credential filenames are retrieved and set via SimpleLink's sl_SetSockOpt() API.

Also, creates a new KConfig option for TLS_CREDENTIAL_FILENAMES. This new option is used by apps/protocols to add TLS credentials via filenames referring to the actual content stored on a secure file system or flash.

Handles the IPPROTO_TLS_* socket protocol families in the socket() offloaded API.

This was validated on the cc3220sf_launchxl with the http_get sockets sample, with the globalsign_r2.der file loaded to secure flash via the TI Uniflash tool, and using the TI Catalog of known good root CA's.

Signed-off-by: Gil Pitney <gil.pitney@linaro.org>
34 lines
909 B
Plaintext
#
# Copyright (c) 2018 Nordic Semiconductor ASA
#
# SPDX-License-Identifier: Apache-2.0
#

menuconfig TLS_CREDENTIALS
	bool "TLS credentials management"
	help
	  Enable TLS credentials management subsystem.

if TLS_CREDENTIALS

config TLS_MAX_CREDENTIALS_NUMBER
	int "Maximum number of TLS credentials"
	default 4
	help
	  Maximum number of TLS credentials that can be registered.

config TLS_CREDENTIAL_FILENAMES
	bool "Specify TLS credential filenames"
	depends on NET_SOCKETS_OFFLOAD
	help
	  Allows clients of the socket APIs to specify filenames
	  of security certificates and private keys
	  to use during subsequent TLS/SSL negotiations.
	  The secure files will have been previously provisioned to the
	  device's secure file system; eg, via a vendor tool or
	  by executing a separate binary.
	  This option is currently only available for secure
	  socket offload devices.

endif # TLS_CREDENTIALS
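Review bot: config TLS_CREDENTIAL_FILENAMES declares only "depends on NET_SOCKETS_OFFLOAD", while the commit message says the TLS tags are processed when CONFIG_NET_SOCKETS_SOCKOPT_TLS is chosen; if the option has no effect without that symbol, add it to the depends line or say so in the help text. The help text would also benefit from stating that the application supplies a filename in place of the credential content and what the caller should expect when the named file has not been provisioned to the secure file system. Minor style point: "eg," in the help text should read "e.g.,".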