Add tls server example - Githubissues

apache / incubator-teaclave-trustzone-sdk

Teaclave TrustZone SDK enables safe, functional, and ergonomic development of trustlets.

https://teaclave.apache.org

Apache License 2.0

204 stars 58 forks source link

Add tls server example #77

Closed DemesneGH closed 2 years ago

DemesneGH commented 2 years ago

The tls_server-rs example sets up the TLS server in TA. Same as the tls_client-rs example, it also needs the larger TA heap buffer. So in the CI process, it uses QEMU images which expand the TA memory.

Updates:

Add examples/tls_server-rs/
Add tests/test_tls_server.sh
Update tests/optee-qemuv8.sh for forwarding the host port 54433 to the guest port 4433
Ignore keys and certs in the license checking process

DemesneGH commented 2 years ago

@mssun There are more keys and certs in tls_server-rs/ta/test-ca which are generated in multiple algorithms (ecdsa, eddsa, and rsa). But the tls server example only loads ecdsa keys. Should we remove the build-a-pki.sh script and the other keys? Or just reserve them in the directory?

mssun commented 2 years ago

@mssun There are more keys and certs in tls_server-rs/ta/test-ca which are generated in multiple algorithms (ecdsa, eddsa, and rsa). But the tls server example only loads ecdsa keys. Should we remove the build-a-pki.sh script and the other keys? Or just reserve them in the directory?

I think we can remove the script and leave the test certificates only.

DemesneGH commented 2 years ago

I think we can remove the script and leave the test certificates only.

OK. The script build-a-pki.sh and the related config file openssl.cnf have been removed.