Commit Graph

2903 Commits

Author SHA1 Message Date
Daniel McCarney e54f5dffc0 msgs: ClientHelloPayload::get_sni_extension -> sni_extension 2024-01-05 14:21:50 +00:00
Daniel McCarney 7fbf361e77 msgs: ServerExtension::get_type -> ext_type
Again, `type` isn't valid so we use `ext_type`.
2024-01-05 14:21:50 +00:00
Daniel McCarney 042c913636 msgs: ClientExtension::get_type -> ext_type
Unfortunately "type" is not a valid fn identifier, so we use "ext_type".
2024-01-05 14:21:50 +00:00
Daniel McCarney 400b6e1992 msgs: get_single_hostname -> single_hostname 2024-01-05 14:21:50 +00:00
Daniel McCarney b3913a5ac2 enums: trailing commas for all enum_builder! uses
Now that the `enum_builder!` macro allows a trailing comma this commit
updates each usage to include one. This will make any future diffs that
add elements to these enums easier to review.
2024-01-04 20:56:15 +00:00
Daniel McCarney 1dce0df615 macros: allow trailing enum_builder comma
Without allowing a trailing comma for invocations of the `enum_builder!`
macro we end up creating messy two line diffs for every addition to an
existing built enum.

This commit updates the macro definition to allow an optional trailing
comma.
2024-01-04 20:56:15 +00:00
Josh Aas d683f4f7c0 Update ECH roadmap entry to reflect that it refers only to client side support. 2024-01-04 16:01:53 +00:00
Josh Aas 2a4aaa249e Update roadmap to reflect the fact that rustls-platform-verifier 0.1.0 has been released. 2024-01-04 16:01:53 +00:00
Daniel McCarney ba97712be2 examples: use CLI args vs env vars in simpleserver 2024-01-04 13:41:11 +00:00
Daniel McCarney f0934452ca examples: use CLI args vs env vars in unbuff-server 2024-01-04 13:41:11 +00:00
Daniel McCarney 59351ff6a4 examples: move consts to bottom in unbuff-server 2024-01-04 13:41:11 +00:00
Daniel McCarney 90fce7e9b4 examples: move consts to bottom in unbuff-client 2024-01-04 13:41:11 +00:00
Daniel McCarney 85b36ec8b0 examples: move consts to bottom in unbuff-async-client 2024-01-04 13:41:11 +00:00
Daniel McCarney 8c6fb1c9c3 examples: top-level doc comment for unbuffered-async-client 2024-01-04 13:41:11 +00:00
Daniel McCarney 83fa7a3d4f examples: top-level doc comment for unbuffered-server 2024-01-04 13:41:11 +00:00
Joseph Birr-Pixton f8cd4e82ec ci-bench: separately bench use of P384 curve
This renames the P256 cases, so will introduce a
discontinuity in results tracking.
2024-01-04 09:21:59 +00:00
Joseph Birr-Pixton da14317122 Test P521-SHA512 in bogo
This makes it possible for our bogo config.json to vary
between providers.  That is achieved by -- with my sincere apologies --
applying the C preprocessor.
2024-01-04 09:21:59 +00:00
Joseph Birr-Pixton b1101a8737 De-duplicate knowledge of test-ca/ CA names 2024-01-04 09:21:59 +00:00
Joseph Birr-Pixton 6ede5d74f4 Avoid extraneous `.iter()` in for loops
clippy was complaining about manual `.into_iter()` calls, but actually
the manual `.iter()` calls are also not very idiomatic.
2024-01-04 09:21:59 +00:00
Joseph Birr-Pixton 271c637bd9 Split test-ca ecdsa by curve; add p521
This goes from being a single set of keys for ECDSA (with a
purposeful mix of curves) to a set of keys per curve.

That means we can avoid P521 chains in tests when it is not supported.

In those tests, reflect this as additional `KeyType` variants.
2024-01-04 09:21:59 +00:00
Joseph Birr-Pixton 2ed985853b aws_lc_rs::sign: add support for NISTP521 ECDSA keys 2024-01-04 09:21:59 +00:00
Joseph Birr-Pixton 62779dfb5e aws_lc_rs::sign: note route to remove SEC1 hack 2024-01-04 09:21:59 +00:00
Joseph Birr-Pixton ec8d89b430 Split off crypto/aws_lc_rs/sign.rs 2024-01-04 09:21:59 +00:00
Joseph Birr-Pixton 1980ba6d16 aws-lc-rs: support verifying with ECDSA_P521_SHA512 2024-01-04 09:21:59 +00:00
Joseph Birr-Pixton 0a61a3ad4a Depend on rustls-webpki 0.102.1 2024-01-04 09:21:59 +00:00
Daniel McCarney 0d4b2dfa52 docs: provide more pointers for examples
This commit provides more pointers to our existing examples and
additionally provides guidance about Rustls being low-level. Users that
just want to make an HTTPS request should probably use a crate built on
top of Rustls. Similarly, users in the Tokio ecosystem should look at
tokio-rustls.
2024-01-03 15:05:49 +00:00
Daniel McCarney 0d7c256c32 docs: add README for examples
* Inventory of the existing examples, with brief descriptions
* Guidance to look at the "simple" examples first.
2024-01-03 15:05:38 +00:00
Daniel McCarney c9963b0ecc examples: add a simple server example
This commit adds an example *server* that is roughly contemporary with
the existing "simpleclient".

It is the absolute bare minimum needed to run a server using Rustls
(e.g. it only accepts a single connection before terminating).

You can run the server with:
```
CERTFILE=test-ca/rsa/end.fullchain PRIV_KEY_FILE=test-ca/rsa/end.key  cargo run --package rustls-examples --bin simpleserver
```

And connect to it with a client:
```
cargo run --package rustls-examples --bin tlsclient-mio -- --port 4443 --cafile test-ca/rsa/ca.cert localhost --http
```
2024-01-03 15:05:38 +00:00
Joseph Birr-Pixton 94a128b8d2 Exercise `AlreadyEncoded` error path in `EncodeTlsData` 2024-01-03 11:07:03 +00:00
Joseph Birr-Pixton 164135c29f Ensure `ReadTraffic::peek_len` works 2024-01-03 11:07:03 +00:00
Joseph Birr-Pixton afa7f14760 tests/unbuffered.rs: refactor and improve coverage
Extract out the common structure of most of these tests, leaving
just the differences in their own tests.
2024-01-03 11:07:03 +00:00
Joseph Birr-Pixton efc3b2e13b ring/sign.rs: improve testing 2024-01-03 11:07:03 +00:00
Joseph Birr-Pixton f804902c52 Correct `SignatureScheme::sign()` for ED25519/448 2024-01-03 11:07:03 +00:00
Joseph Birr-Pixton 450224cde9 ring/ticketer.rs: cover AeadTicketer 2024-01-03 11:07:03 +00:00
Joseph Birr-Pixton 74dcc950a5 ring/kx.rs: exercise `KxGroup::fmt`
Remove unusable Debug derivation for `KeyExchange`
2024-01-03 11:07:03 +00:00
Daniel McCarney b0bbb314b7 Cargo: update semver compat deps
* Anyhow 1.0.75 -> 1.0.78
* Async-trait 0.1.74 -> 0.1.76
* Clap 4.4.11 -> 4.4.12
* Tokio 1.35.0 -> 1.35.1
* Serde-json 1.0.108 -> 1.0.109
2024-01-02 14:37:34 +00:00
Niklas Fiekas 309a5d5051 Implement FromIterator for RootCertStore (#1708)
Co-authored-by: Daniel McCarney <daniel@binaryparadox.net>
2023-12-25 10:58:26 +01:00
Joseph Birr-Pixton 0cd488dff6 Clarify `ClientHello` `legacy_record_version` commentary 2023-12-21 15:21:41 +00:00
Christian Poveda f544352a2c move sendable_plaintext from CommonState to ConnectionCommon 2023-12-20 16:15:25 +00:00
Jorge Aparicio 390eaec7bc move CommonState::set_buffer_limit into ConnectionCommon
add a `set_buffer_limit` method to `Connection` to minimize breakage
2023-12-20 16:15:25 +00:00
Jorge Aparicio d4bdfa919c refactor non-buffering logic out of send_plain 2023-12-20 16:15:25 +00:00
Adolfo Ochagavía 93228ebdbf Add BENCHMARKING.md
This file is meant as an entry point for users and contributors who are
interested in benchmarking rustls. It is linked from the readme so
people can find it easily.

Closes #1478 and #1685
2023-12-20 16:13:01 +00:00
Christian Poveda 23167ecad6 Condense the `fragment_slice` return type 2023-12-19 20:45:35 +00:00
Adolfo Ochagavía 371463d812 ci-bench: explain motivation for wall-time measurements in readme 2023-12-19 14:40:39 +00:00
Joseph Birr-Pixton 7b39b27771 verify.rs: correct comment for `verify_server_name`
This implies webpki checks the DN commonName value for DNS names.
It does not.
2023-12-19 09:39:43 +00:00
Joseph Birr-Pixton 74fb489a2c Ensure buffer discard tracking works even on error
This sticks the error from `process_tls_records()` inside
`UnbufferedStatus`.  That means the `discard` field is still
available, but continues to require handling the error to learn
the `state` field's underlying value.

TODO: the example code is made to unwrap errors in this PR.
They need reorganising so the discard processing happens before
error handling.
2023-12-19 09:30:04 +00:00
Joseph Birr-Pixton 049b0c000d unbuffered: test for receipt of invalid messages
This a) returns an error, and b) sends an alert.  But unfortunately
(a) doesn't include accounting for the processed bytes.
2023-12-19 09:30:04 +00:00
Joseph Birr-Pixton 20f0a76dd5 impl Debug for UnbufferedStatus
This allows people to use `unwrap_err`, etc.
2023-12-19 09:30:04 +00:00
Joseph Birr-Pixton e0fea8b834 unbuffered: test receiving message byte-by-byte 2023-12-19 09:30:04 +00:00
Christian Poveda 147dc08816 Test that the transcripts for client and server match the expectations 2023-12-19 09:30:04 +00:00