In this edge case (not specified by RFC8446) we send a fatal
invalid_parameter alert, but then keep processing incoming messages.
This led to a debug assert failure when a later message also sent
an alert.
This can still be matched against, so move simple tests
from `assert_eq!(..,)` to `assert!(matches!(...))`.
In complex tests, prefer to have test failures that quote the
stringified errors; there's a helper function `assert_debug_eq` that
does that.
In the presence of a server that starts being able to do TLS1.3,
this prevents clients from resuming a TLS1.2 session if it
runs out of TLS1.3 tickets.
This is further code movement from the handshake code
that constructs session storage keys/values, into
the StoresClientSessions trait itself.
At this point the usage of StoresClientSessions by handshake code
is completely transparent as to what is being stored, and
the default trait functions map this down to the old opaque
interface.
Prior to this, these parameters were being seperately appended
to the session value. That meant Tls13ClientSessionValue was
misleading as a venue which owned the whole session value encoding.
The goal here is that, incrementally, StoresClientSessions is
precisely the operations that rustls wants to perform on
its session_storage trait object.
This also:
- corrects use of hs::incompatible for client certificate verification
failure.
- moves sni varying across hello retries to be a PeerMisbehaved, since
that is explicitly disallowed by the standard.
I think these uses of `doc(hidden)` are trying to implement `pub(crate)`
semantics. Perhaps it was done this way a long time ago when `pub(crate)`
wasn't a think.
This change causes an `unreachable_pub` warning for `PlaintextSink`, so
make that `pub(crate)` too.
Some external users might be using these even though they probably shouldn't
be, so this is technically a breaking change.