Adding TLS Terminator to a KasperskyOS-based solution

To add the TLS Terminator component to a KasperskyOS-based solution, you must do the following:

• Add the following commands to the CMakeLists.txt root file:

  # Connect the tls package for working with TLS Terminator.

  find_package (tls REQUIRED COMPONENTS ENTITY CLIENT_LIB)

  include_directories (${tls_INCLUDE})

• When building a solution (CMakeLists.txt file for the Einit program) using the CMake command set_target_properties(), in the EXTRA_ARGS and EXTRA_ENV properties, define the startup parameters and environment variables of the TLS Terminator component and assign the necessary values to them. For example:

  # Define the startup parameters and environment variables for TLS Terminator.

  set_target_properties (${tls_ENTITY} PROPERTIES

  EXTRA_ARGS "

  - \"--cert\"

  - \"/ssl/client_crt_rsa_2048.pem\"

  - \"--key\"

  - \"/ssl/client_key_rsa_2048.pem\"

  - \"--server_min_rsa_keys_size\"

  - \"2048:2048:2048\""

  EXTRA_ENV "

  VFS_FILESYSTEM_BACKEND: client:kl.VfsEntity

  VFS_NETWORK_BACKEND: client:kl.VfsEntity"

  )

  Specify TLS Terminator as the network VFS backend for the client program. To do so, in the CMake command set_target_properties(), in the EXTRA_ENV property, define a value for the environment variable of the VFS program:

  set_target_properties (client PROPERTIES

  EXTRA_ENV "VFS_NETWORK_BACKEND: client:kl.TlsEntity"

  )

  Alternatively, the values of startup parameters and environment variables can be defined not only in the CMakeLists.txt file for the Einit program but also in the solution initialization description file named init.yaml. In the example below, TLS Terminator is specified as the network VFS backend for the WebServer program:

  - name: secure_login.WebServer

  env:

  VFS_NETWORK_BACKEND: client:kl.TlsEntity

• Include the TLS Terminator component EDL file in the security.psl.in template for the solution security policy description:

  use EDL kl.TlsEntity

Page top