Leigh Stoller authored · ffe40d2e
    First round of ssl'ification of tmcd/tmcc. This needs to be looked at
    by smarter brains than me (I have asked Dave to look it over). Anyway ...
    
    I added a top level ssl directory which has a bunch of goo for
    creating certificates and keys.  I currently create a Certificate
    Authority, a server certificate, and a client certificate. The private
    keys for all three are unencrypted, so no password is required. All
    key/cert combos can be installed on boss. The client side needs the
    key/cert pair (in one file), and the CA cert (no key!). There are
    install targets to do this. NOTE, you do not want to create/install
    these without being careful, since you could instantly invalidate all
    the clients!
    
    I have added the necessary SSL routines to tmcd/tmcc. See the ssl.c
    and ssl.h files. I have set it up so that all you need to do is
    uncomment three lines in the makefile, and accept, connect, read, write,
    and close are redirected to SSL'ified versions in ssl.c. The current
    security model is that the client and server both "demand" certificate
    verification from the other side (as opposed to just server side
    verification). tmcd reads in server.pem, while tmcc reads in
    client.pem. Both read in the emulab.pem (CA cert with no private
    key).
    
    Initial testing indicates I have done this at least partially
    correctly. Whoever invented this stuff has a really twisted mind
    though. There are some questions at the top of ssl.c that need to be
    answered.
    
    Oh, also redid all the syslog stuff throughout tmcd.
Name
apache
assign
autoconf
capture
db
dhcpd
discvr
doc
event
hw_config
ipod
lib
os
pxe
rc.d
rpms
security
sensors
sql
ssl
sysadmin
tbsetup
testsuite
tip
tmcd
utils
vis
www
xmlrpc
BUGS
GNUmakefile.in
GNUmakerules
Makeconf.in
PROJECTS
README
RESTRICTED-RIGHTS
config.h.in
configure
configure.in
defs-calfeld-emulab
defs-default
defs-mini
defs-neo-paper
defs-newbold-emulab
defs-newbold-macdb
defs-newbold-mini
defs-ricci-emulab
defs-ricci-mini
defs-ricci-neo-paper
defs-shash-emulab
defs-shash-mini
defs-stoller-emulab
defs-stoller-home
defs-stoller-mini