• Added SSL to capture (enabled with -DWITHSSL) · 2e536ba3
    Chad Barb authored
    To tip (or tiptunnel on a normal acl,) capture behaves the same.
    However, if a client connects and presents "USESSL" as the first six characters of their
    connection key, both sides initiate SSL negotiation.
    The server then attempts to get the key again. The second one is used for the check.
    
    SSL initialization is done on the first attempt by a client to connect via SSL.
    Capture assumes $(prefix)/etc/capture/cert.pem contains its certificate unless
    the '-c <certfile>' option is used. If the certificate is not found or invalid, that
    connection fails, but normal connections will still succeed (and it will try to find the file
    again, next time an SSL connection is attempted.)
    
    On the client side, tiptunnel only uses ssl if there is a "ssl-server-cert:"
    property in the acl file. This is the SHA hash of the certificate that the capture server is
    expected to have (in hex.) If the certificate presented by the server does not hash to the
    same value, the connection is dropped.
Name
apache
assign
autoconf
capture
db
dhcpd
discvr
doc
event
hw_config
ipod
lib
os
pxe
rc.d
rpms
security
sensors
sql
ssl
sysadmin
tbsetup
testsuite
tip
tmcd
utils
vis
www
xmlrpc
BUGS
GNUmakefile.in
GNUmakerules
Makeconf.in
PROJECTS
README
RESTRICTED-RIGHTS
config.h.in
configure
configure.in
defs-calfeld-emulab
defs-default
defs-mini
defs-neo-paper
defs-newbold-emulab
defs-newbold-macdb
defs-newbold-mini
defs-ricci-emulab
defs-ricci-mini
defs-ricci-neo-paper
defs-shash-emulab
defs-shash-mini
defs-stoller-emulab
defs-stoller-home
defs-stoller-mini