Joseph Birr-Pixton
278009aa58
Take newer bogo for go1.14
Another minor go version, another set of breakage.
2020-04-12 11:34:22 +01:00
Joseph Birr-Pixton
bee4c891c1
Update macos image
2020-04-12 09:32:24 +01:00
Joseph Birr-Pixton
82da9c2011
Fix client detection of bad CertificateRequests
A certificate request with no signature schemes is meaningless.
In TLS1.3 we reject this outright, but it was allowed in TLS1.2.
Fix that first.
Secondly, fix the TLS1.2 behaviour when `choose_scheme` fails:
we want to avoid any client auth in this case, not send a certificate
but be unable to send the matching CertificateVerify.
2020-04-10 17:25:01 +01:00
Joseph Birr-Pixton
1e98fa2eb1
Allow verifiers to override signature verification
2020-03-29 21:08:20 +01:00
dependabot-preview[bot]
bdaf35b2cc
Update base64 requirement from 0.11 to 0.12
Updates the requirements on [base64](https://github.com/marshallpierce/rust-base64) to permit the latest version.
- [Release notes](https://github.com/marshallpierce/rust-base64/releases)
- [Changelog](https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md)
- [Commits](https://github.com/marshallpierce/rust-base64/compare/v0.11.0...v0.12.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-15 08:37:36 +00:00
Eli Flanagan
d35d869d76
docs: prefer the IETF wording for cipher suites
I also took the liberty of linking to the RFC page for curious readers.
2020-03-15 08:36:55 +00:00
Joseph Birr-Pixton
9e92828b2f
Fix typo.
2020-02-24 21:26:08 +00:00
Joseph Birr-Pixton
92600efb4f
Prepare 0.17.0
2020-02-22 20:40:52 +00:00
Joseph Birr-Pixton
8a9fd05029
Don't panic on invalid private keys for client auth.
This is a breaking change, because these APIs didn't report
failures before.
2020-02-22 20:14:06 +00:00
Joseph Birr-Pixton
98a847df71
Require ring 0.16.11 for bug fix
2020-02-22 20:12:34 +00:00
Joseph Birr-Pixton
061b4f2767
Extend design documentation
2020-02-22 20:12:34 +00:00
Aaron Loucks
98d88f9a7a
Enable documentation on docs.rs for items behind feature flags
2020-02-20 20:57:13 +00:00
dependabot-preview[bot]
f6d35511e4
Update webpki-roots requirement from 0.18.0 to 0.19.0
Updates the requirements on [webpki-roots](https://github.com/ctz/webpki-roots) to permit the latest version.
- [Release notes](https://github.com/ctz/webpki-roots/releases)
- [Commits](https://github.com/ctz/webpki-roots/compare/v/0.18.0...v/0.19.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-02-20 20:55:25 +00:00
Joseph Birr-Pixton
03b1ef03da
Improvements to previous commit:
- Don't report TLSError::AlertReceived from server when it sends
an alert -- this error means an alert was received from the peer.
- Avoid SNI-specific alert types for client auth rejections.
- Improve new tests to also check alerts received by client.
- Improve/fix docs.
2020-01-01 15:57:23 +00:00
Ryan Gorup
9c59aa91f5
Allow server to choose root cert for client auth based on SNI
2020-01-01 11:48:56 +00:00
Joseph Birr-Pixton
3882b3886a
Delete std::error::Error::description impl
It's deprecated.
2020-01-01 10:52:50 +00:00
Joseph Birr-Pixton
a511a2e976
Fix minor formatting weirdness
2020-01-01 10:35:13 +00:00
Joseph Birr-Pixton
866dd055b6
Test server rejection of tls1.3 kx overlap failure
2019-12-31 20:58:36 +00:00
Joseph Birr-Pixton
9636251d21
Refactor and test SNI server behaviour
2019-12-31 18:20:04 +00:00
thekuwayama
fbdc4cb273
server rejects SNI containing multiple hostnames
2019-12-31 16:25:01 +00:00
Joseph Birr-Pixton
4da973d8c9
Patch bogo to fix golang 1.13 breakage
Taking upstream patches to fix this in a different way requires 1.13,
which isn't available on travis or azure.
2019-12-30 18:03:32 +00:00
Harry Barber
7d5a4303a1
Center Ferris and overview text
2019-12-30 12:40:13 +00:00
Joseph Birr-Pixton
1287510bec
Clippy cleanups
2019-12-22 16:39:33 +00:00
Joseph Birr-Pixton
46ceafd9eb
Clean up key_schedule.rs
This no longer wants to be pub, and has some unused fields.
2019-12-15 15:21:50 +00:00
Alexander Krotov
cad0305cad
Remove unused TLSError::InvalidDNS variant
2019-12-11 20:15:37 +00:00
Joseph Birr-Pixton
d2c1e6c4b7
Typestate-ify TLS1.3 key schedule
This prevents a variety of mistakes, for example:
- extracting the wrong key at a given point,
- failing to input secret data,
- encrypting data with fixed keys.
2019-12-09 21:52:27 +00:00
Joseph Birr-Pixton
9902306ff9
tests: make KeyLogToVec print keys to stdout
This is useful for current TLS1.3 KeySchedule refactoring.
2019-12-08 19:17:19 +00:00
Benjamin Fry
b12475d41e
remove unnecessary dependency from rustls-mio
2019-12-07 12:37:54 +00:00
Joseph Birr-Pixton
cc74f165e8
Reduce session type test threshold
This is now ~500 bytes for non-quic, but still about 1.5KB for quic.
2019-12-06 13:52:52 -08:00
Joseph Birr-Pixton
412add83da
Move TLS1.3 KeySchedule into state machine
This means moving key-update processing into the state-machine too.
2019-12-06 13:42:04 -08:00
Joseph Birr-Pixton
909b9cf12d
Push exporter implementation down into protocol-specific code
This means SessionSecrets doesn't need to live in SessionCommon. Instead,
it's threaded through the TLS1.2 handshake states.
2019-12-01 12:20:11 -08:00
Joseph Birr-Pixton
de5f4c6cf3
Extract record layer code from SessionCommon
2019-12-01 10:10:40 -08:00
Joseph Birr-Pixton
06fafe0b3b
Fix commentary.
2019-11-28 12:45:10 -08:00
Joseph Birr-Pixton
ae48de74fb
Get rid of TLS1.0-era naming for shared secrets
2019-11-28 12:18:32 -08:00
Ryan Gorup
1d8114c807
Expose WebPKIVerifier under dangerous feature
2019-11-23 17:46:28 +00:00
Benjamin Saunders
beb02deefe
Update QUIC key update label for draft 24
2019-11-23 17:46:11 +00:00
Joseph Birr-Pixton
d132d48a23
Work around bug in cargo workspaces
To me, it's intuitive that `cargo test --no-default-features`
should run the tests for all subcrates in a workspace, building
each subcrate without its default features.
In fact, this doesn't work and has never worked. And now it's
explicitly rejected in nightly.
Tracked upstream as rust-lang/cargo#4753
2019-10-27 05:00:18 -07:00
dependabot-preview[bot]
88662c507d
Update env_logger requirement from 0.6.1 to 0.7.1
Updates the requirements on [env_logger](https://github.com/sebasmagri/env_logger) to permit the latest version.
- [Release notes](https://github.com/sebasmagri/env_logger/releases)
- [Changelog](https://github.com/sebasmagri/env_logger/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sebasmagri/env_logger/compare/v0.6.1...v0.7.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-10-27 08:35:09 +00:00
dependabot-preview[bot]
b43dff097e
Update webpki-roots requirement from 0.17.0 to 0.18.0
Updates the requirements on [webpki-roots](https://github.com/ctz/webpki-roots) to permit the latest version.
- [Release notes](https://github.com/ctz/webpki-roots/releases)
- [Commits](https://github.com/ctz/webpki-roots/compare/v/0.17.0...v/0.18.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-10-27 08:34:28 +00:00
Alex Gaynor
ac88486f11
Upgrade base64 dependency to 0.11
2019-10-27 08:33:54 +00:00
Joseph Birr-Pixton
32cade4826
Add small test for quic alpn behaviour
2019-10-08 20:45:40 +01:00
Benjamin Saunders
cd76b8ee9a
Send an alert on ALPN mismatch under QUIC
2019-10-08 20:45:40 +01:00
Benjamin Saunders
69b96b14b1
Allow early data to be rejected by the application
2019-09-21 18:35:46 +01:00
Benjamin Saunders
0e2649b80e
Allow applications to pass data through resumption tickets
Needed for QUIC and HTTP/3.
2019-09-21 18:35:46 +01:00
Joseph Birr-Pixton
431f42b662
Typo
2019-09-15 21:35:33 +01:00
Joseph Birr-Pixton
c6570d9de6
Prevent consumers calling ClientHello::new
Otherwise adding new things here would be a breaking change
2019-09-15 21:30:58 +01:00
Joseph Birr-Pixton
032f985ddf
Mention ClientHello struct in changelog
2019-09-15 21:30:26 +01:00
Jerome Gravel-Niquet
a0ed806d10
move ClientHello next to ResolvesServerCert
2019-09-15 21:15:39 +01:00
Jerome Gravel-Niquet
005736815e
run all tests and fix bogo shim issues, format function signatures, modify comments for accurate documentation
2019-09-15 21:15:39 +01:00
Jerome Gravel-Niquet
dbcc42f8d0
client_hello does not need to be a reference
2019-09-15 21:15:39 +01:00