rust/rustls
rust
/
rustls
mirror of https://github.com/ctz/rustls
1
0
Fork 0
Code Issues Releases Wiki Activity
2,063 Commits 45 Branches 69 Tags 32 MiB
Commit Graph

2063 Commits

Author SHA1 Message Date
Jacob Hoffman-Andrews 2df280cae2 OwnedTrustAnchor: subject is a DistinguishedName 
Store the subject field as the DistinguishedName type, and also return
&DistinguishedName from subject().
 2023-03-29 08:53:17 +02:00
Jacob Hoffman-Andrews a8d763efd5 RootCertStore: remove deprecated subjects() 2023-03-29 08:53:17 +02:00
Jacob Hoffman-Andrews 646788e396 ClientCertVerifier: return &[DistinguishedNames] 
This removes a requirement that an implementation of ClientCertVerifier
produce a fresh Vec of acceptable root Subjects on each call. Instead,
the ClientCertVerifier can store a list of acceptable root subjects and
return references to it, which seems like the most common use case by far.
 2023-03-29 08:53:17 +02:00
Jacob Hoffman-Andrews c19c81ebd2 ClientCertVerifier: remove "abort connection" return values 
For client_auth_mandatory and client_auth_root_subjects, it was possible
to return None to abort the connection. With the removal of the `sni`
input parameter, this no longer makes sense, so remove the
Option-wrapping of these return values.
 2023-03-29 08:53:15 +02:00
Daniel McCarney 4d0c0dfbbb CI: test examples with --no-default-features. 
Previously the example directories weren't being tested with
`--no-default-features`, letting bitrot affect those configurations.

This commit includes those directories in the `--no-default-features`
task that run `cargo test`.
 2023-03-28 20:44:06 +02:00
Daniel McCarney cc80bebb64 examples: make logging mandatory. 
This commit simplifies the examples sub project to make logging
mandatory instead of an optional feature flag.

In general this is easier to reason about for small example code, and it
resolves a build error that was present when building w/
`--no-default-features` due to the unconditional use of the `log` crate.
 2023-03-28 20:44:06 +02:00
Jacob Hoffman-Andrews cad6b729ba error: restore PartialEq implementation 
Previously this was removed when adding `Arc<dyn StdError>` as an enum
field for CertificateError, which made it impossible to automatically
derive PartialEq for the whole enum. Trait objects (dyn Trait) don't
implement PartialEq.

However, we can get back PartialEq on the whole Error struct by manually
implementing it for CertificateError, considering `Other` values to
never be equal.
 2023-03-28 09:26:47 +02:00
Jacob Hoffman-Andrews 0892d019f9 Revert "Remove `PartialEq` from `rustls::Error`" 
This reverts commit 00d7ac50f9.
 2023-03-28 09:26:47 +02:00
Dirkjan Ochtman b415ebd014 client: stricter logic for resuming protocol versions 2023-03-27 10:07:52 +02:00
Dirkjan Ochtman c93ef1ad04 client: extract check for cipher suite match 2023-03-27 10:07:52 +02:00
Dirkjan Ochtman 92872f16d7 client: extract check for TLS 1.2 cipher suite 2023-03-27 10:07:52 +02:00
Dirkjan Ochtman a61e492447 client: extract check for 1.3 resumption 2023-03-27 10:07:52 +02:00
Dirkjan Ochtman 6906958210 client: check for empty tickets up front 2023-03-27 10:07:52 +02:00
Dirkjan Ochtman 0f5feb1335 client: check enabled_tickets up front 2023-03-27 10:07:52 +02:00
Dirkjan Ochtman 90a9fcbf5c client: extract resumption logic into function 2023-03-27 10:07:52 +02:00
Dirkjan Ochtman 9ab016742c client: rename fill_in_binder to tls13_session 2023-03-27 10:07:52 +02:00
Dirkjan Ochtman 66a7da9821 client: simplify ClientSessionValue API 2023-03-27 10:07:52 +02:00
Dirkjan Ochtman a8101900ac client: deduplicate state passed to tls13::prepare_resumption() 2023-03-27 10:07:52 +02:00
Daniel McCarney 88915ca43f
anchors: add a pointer from add to add_parseable. (#1248) 
Users that are iterating over a pile of root certificates (e.g. from
their system truststore) may call `RootCertStore::add` without realizing
that it will reject invalid certificates. These users should prefer the
more permissive `add_parseable_certificates`.

This commit introduces a rustdoc pointer from `add` to
`add_parseable_certificates` to hopefully make this more discoverable.
 2023-03-24 17:35:50 -04:00
Dirkjan Ochtman f4439da82c Remove use of Vec aliases 2023-03-24 21:30:09 +01:00
Dirkjan Ochtman 06191773c4 Remove ECPointFormatList trait in favor of associated const 2023-03-24 21:30:09 +01:00
Dirkjan Ochtman 4b5578d9bd Use generics to implement Codec for Vec wrappers 2023-03-24 21:30:09 +01:00
Dirkjan Ochtman 40c5048f27 Create a newtype wrapper for Sct 2023-03-24 21:30:09 +01:00
Dirkjan Ochtman f457cb1236 Create a newtype wrapper for ResponderId 2023-03-24 21:30:09 +01:00
Dirkjan Ochtman 169f14f757 Create a newtype wrapper for ProtocolName 2023-03-24 21:30:09 +01:00
Dirkjan Ochtman 8f53f8d8f9 Create a newtype wrapper for PresharedKeyBinder 2023-03-24 21:30:09 +01:00
Dirkjan Ochtman 04173a757d Create a newtype wrapper for DistinguishedName 2023-03-24 21:30:09 +01:00
Jacob Hoffman-Andrews 78b16d4231 Error: hide subvariants of InvalidMessage 
These subvariants were incidentally making enums from `internals` part
of the public API:

 - CertificateStatusType
 - KeyUpdateRequest
 - ECCurveType

But these enums don't add much information. For instance,
CertificateStatusType only has one valid value (OCSP), and all other
values would be Unknown(u8). Reporting that level of detail for the
unexpected response probably belongs more in a byte-by-byte protocol
debugger than the workaday Error type.

Also, rename UnsupportedCurve to UnsupportedCurveType to be slightly
more accurate.
 2023-03-24 09:39:03 +01:00
Jacob Hoffman-Andrews 2b3b797e69 Acceptor: remove deprecated methods and add docs 2023-03-23 16:03:26 -07:00
Dirkjan Ochtman 9fd7a4ee30 Make Error and macro-defined enums non-exhaustive 2023-03-23 14:48:44 +01:00
Dirkjan Ochtman 8846e12fe2 Test enum invariants in defining module 2023-03-23 12:25:21 +01:00
Dirkjan Ochtman a5b09d6055 Merge enums_test module into enums 2023-03-23 12:25:21 +01:00
Dirkjan Ochtman d4d268ddc8 Move SignatureAlgorithm to crate::enums 2023-03-23 12:25:21 +01:00
Dirkjan Ochtman 6e3da86e64 Remove single-impl DecomposedSignatureScheme trait 2023-03-23 12:25:21 +01:00
Dirkjan Ochtman f14e709209 Move DigitallySignedStruct into the public API 2023-03-22 16:35:01 -07:00
Daniel McCarney 6831835c56 quic: add export_keying_material to Connection. 
When the `quic::Connection` type was split out from the broader TLS
types consumers lost the ability to call `export_keying_material` to
achieve RFC 5705 keying material export. This commit adds the
`export_keying_material` fn to the `quic::Connection` type to restore
that functionality.
 2023-03-22 15:14:54 +01:00
Daniel McCarney d9f38ede62 quic: add server_name to ServerConnection. 
After splitting up the quic server connection types consumers lost the
ability to dig out the server name from the SNI extension the server
received. This commit adds the `server_name` function to
`quic::ServerConnection` to restore that ability.
 2023-03-22 15:14:54 +01:00
Daniel McCarney 9b8fa405cd server: rename sni_hostname -> server_name. 
The documentation retains mention of "server name indication" (SNI) for
folks that search the documentation with that more specific technical
term. For users not steeped in the deeper lore of TLS the new name
will be easier to find/understand.
 2023-03-22 15:14:54 +01:00
Joseph Birr-Pixton 3da27df035 Avoid ClientSessionCommon leaking into public API 
Hoist up rewind_epoch() (test-only code called solely by bogo_shim)
so it can be called on Tls12ClientSessionValue/Tls13ClientSessionValue
directly.
 2023-03-21 21:59:41 +00:00
Dirkjan Ochtman d8f04295ba Privatize ClientSessionValue APIs 2023-03-21 22:11:42 +01:00
Dirkjan Ochtman e84cf29d4c bogoshim: clean up imports 2023-03-21 21:44:30 +01:00
Dirkjan Ochtman fc4e38ea22 quic: introduce separate QUIC ClientConnection and ServerConnection types 2023-03-21 21:44:30 +01:00
Dirkjan Ochtman 153f125b8f Remove unused QUIC support from bogo shim 2023-03-21 21:44:30 +01:00
Dirkjan Ochtman 72c20a5cde Hoist write_tls() from CommonState to ConnectionCommon 2023-03-21 21:44:30 +01:00
Dirkjan Ochtman 50e06cb7e7 Introduce ConnectionCore type to hold core state and behavior 2023-03-21 21:44:30 +01:00
Dirkjan Ochtman a6617232bf Inline ConnectionCommon::send_some_plaintext() 2023-03-21 21:44:30 +01:00
Dirkjan Ochtman 4d910f2f81 Streamline CommonState::send_cert_verify_error_alert() 2023-03-21 21:44:30 +01:00
Dirkjan Ochtman ffc414e4dc Attach send_cert_verify_error_alert() to CommonState 2023-03-21 21:44:30 +01:00
Dirkjan Ochtman 787f43d12d Extract common_state module from conn 2023-03-21 21:44:30 +01:00
Dirkjan Ochtman fc1e364a93 quic: attach write_hs() to Quic 2023-03-21 21:44:30 +01:00