configuration UPDATE truststore support added
Clients' keys can now be stored in the truststore module and used for
SSH authentication.
diff --git a/src/session_p.h b/src/session_p.h
index 899f9d1..1995d05 100644
--- a/src/session_p.h
+++ b/src/session_p.h
@@ -109,6 +109,12 @@
char *cert_base64; /**< Base-64 encoded certificate. */
};
+struct nc_certificate_bag {
+ char *name;
+ struct nc_certificate *certs;
+ uint16_t cert_count;
+};
+
/**
* @brief An asymmetric key.
*/
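Review bot: `struct nc_certificate_bag` is added without any Doxygen comment, although the neighbouring declarations in this header carry a `@brief` block and `/**< ... */` member comments; the same gap applies to `struct nc_public_key_bag` and `struct nc_truststore` in the next hunk. I would add a header such as `/** @brief A named bag of certificates stored in the truststore. */` and member comments like `/**< Number of entries in certs. */`. The comments should also say who allocates and frees `name` and `certs`. These structures hold the material that authentication decisions are based on, so the ownership rules deserve to be written down.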
@@ -141,6 +147,20 @@
char *pub_base64; /**< Base-64 encoded public key. */
};
+struct nc_public_key_bag {
+ char *name;
+ struct nc_public_key *pubkeys;
+ uint16_t pubkey_count;
+};
+
+struct nc_truststore {
+ struct nc_certificate_bag *cert_bags;
+ uint16_t cert_bag_count;
+
+ struct nc_public_key_bag *pub_bags;
+ uint16_t pub_bag_count;
+};
+
/**
* @brief Keystore YANG module representation.
*/
@@ -172,7 +192,7 @@
struct nc_public_key *pubkeys; /**< The client's public keys. */
uint16_t pubkey_count; /**< The number of client's public keys. */
};
- char *ts_reference; /**< Reference to a trust-store. */
+ struct nc_public_key_bag *ts_ref; /**< Reference to a truststore. */
};
char *password; /**< Client's password */
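Review bot: `ts_ref` replaces a name string with a raw `struct nc_public_key_bag *`, and nothing here documents how long that pointer stays valid. It presumably points into the `pub_bags` array of `struct nc_truststore`; if a configuration update reallocates or removes bags, a client entry still holding the old `ts_ref` would be dangling, and the SSH authentication path would read freed memory. The member comment should state the contract, for example `/**< Non-owning pointer into the truststore's pub_bags; must be re-resolved or cleared whenever the bags change. */`. The member appears to sit in an anonymous union with the inline `pubkeys`/`pubkey_count` pair, so the comment should also name the field that selects between them. The enclosing structure starts outside the hunk, so the discriminator is not visible here.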
@@ -370,7 +390,8 @@
#endif
pthread_rwlock_t config_lock;
- struct nc_keystore keystore; /**< store for keys/certificates */
+ struct nc_keystore keystore; /**< store for server's keys/certificates */
+ struct nc_truststore truststore; /**< store for server client's keys/certificates */
struct nc_bind *binds;
struct nc_endpt {
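Review bot: The comment on the new `truststore` member, "store for server client's keys/certificates", is hard to parse and does not say which lock guards the field. Something like `/**< store for trusted client keys/certificates, guarded by config_lock */` would read better. That assumes the `config_lock` declared just above is what protects it, which is inferred from placement rather than shown in the hunk. The enclosing structure starts and ends outside the hunk.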