rust/rustls
rust
/
rustls
mirror of https://github.com/ctz/rustls
1
0
Fork 0
Code Issues Releases Wiki Activity
1,004 Commits 46 Branches 69 Tags 31 MiB
Commit Graph

1004 Commits

Author SHA1 Message Date
Joseph Birr-Pixton 278009aa58 Take newer bogo for go1.14 
Another minor go version, another set of breakage.
 2020-04-12 11:34:22 +01:00
Joseph Birr-Pixton bee4c891c1 Update macos image 2020-04-12 09:32:24 +01:00
Joseph Birr-Pixton 82da9c2011 Fix client detection of bad CertificateRequests 
A certificate request with no signature schemes is meaningless.
In TLS1.3 we reject this outright, but it was allowed in TLS1.2.
Fix that first.

Secondly, fix the TLS1.2 behaviour when `choose_scheme` fails:
we want to avoid any client auth in this case, not send a certificate
but be unable to send the matching CertificateVerify.
 2020-04-10 17:25:01 +01:00
Joseph Birr-Pixton 1e98fa2eb1 Allow verifiers to override signature verification 2020-03-29 21:08:20 +01:00
dependabot-preview[bot] bdaf35b2cc Update base64 requirement from 0.11 to 0.12 
Updates the requirements on [base64](https://github.com/marshallpierce/rust-base64) to permit the latest version.
- [Release notes](https://github.com/marshallpierce/rust-base64/releases)
- [Changelog](https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md)
- [Commits](https://github.com/marshallpierce/rust-base64/compare/v0.11.0...v0.12.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-15 08:37:36 +00:00
Eli Flanagan d35d869d76 docs: prefer the IETF wording for cipher suites 
I also took the liberty of linking to the RFC page for curious readers.
 2020-03-15 08:36:55 +00:00
Joseph Birr-Pixton 9e92828b2f Fix typo. 2020-02-24 21:26:08 +00:00
Joseph Birr-Pixton 92600efb4f Prepare 0.17.0 2020-02-22 20:40:52 +00:00
Joseph Birr-Pixton 8a9fd05029 Don't panic on invalid private keys for client auth. 
This is a breaking change, because these APIs didn't report
failures before.
 2020-02-22 20:14:06 +00:00
Joseph Birr-Pixton 98a847df71 Require ring 0.16.11 for bug fix 2020-02-22 20:12:34 +00:00
Joseph Birr-Pixton 061b4f2767 Extend design documentation 2020-02-22 20:12:34 +00:00
Aaron Loucks 98d88f9a7a Enable documentation on docs.rs for items behind feature flags 2020-02-20 20:57:13 +00:00
dependabot-preview[bot] f6d35511e4 Update webpki-roots requirement from 0.18.0 to 0.19.0 
Updates the requirements on [webpki-roots](https://github.com/ctz/webpki-roots) to permit the latest version.
- [Release notes](https://github.com/ctz/webpki-roots/releases)
- [Commits](https://github.com/ctz/webpki-roots/compare/v/0.18.0...v/0.19.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-02-20 20:55:25 +00:00
Joseph Birr-Pixton 03b1ef03da Improvements to previous commit: 
- Don't report TLSError::AlertReceived from server when it sends
  an alert -- this error means an alert was received from the peer.
- Avoid SNI-specific alert types for client auth rejections.
- Improve new tests to also check alerts received by client.
- Improve/fix docs.
 2020-01-01 15:57:23 +00:00
Ryan Gorup 9c59aa91f5 Allow server to choose root cert for client auth based on SNI 2020-01-01 11:48:56 +00:00
Joseph Birr-Pixton 3882b3886a Delete std::error::Error::description impl 
It's deprecated.
 2020-01-01 10:52:50 +00:00
Joseph Birr-Pixton a511a2e976 Fix minor formatting weirdness 2020-01-01 10:35:13 +00:00
Joseph Birr-Pixton 866dd055b6 Test server rejection of tls1.3 kx overlap failure 2019-12-31 20:58:36 +00:00
Joseph Birr-Pixton 9636251d21 Refactor and test SNI server behaviour 2019-12-31 18:20:04 +00:00
thekuwayama fbdc4cb273 server rejects SNI containing multiple hostnames 2019-12-31 16:25:01 +00:00
Joseph Birr-Pixton 4da973d8c9 Patch bogo to fix golang 1.13 breakage 
Taking upstream patches to fix this in a different way requires 1.13,
which isn't available on travis or azure.
 2019-12-30 18:03:32 +00:00
Harry Barber 7d5a4303a1 Center Ferris and overview text 2019-12-30 12:40:13 +00:00
Joseph Birr-Pixton 1287510bec Clippy cleanups 2019-12-22 16:39:33 +00:00
Joseph Birr-Pixton 46ceafd9eb Clean up key_schedule.rs 
This no longer wants to be pub, and has some unused fields.
 2019-12-15 15:21:50 +00:00
Alexander Krotov cad0305cad Remove unused TLSError::InvalidDNS variant 2019-12-11 20:15:37 +00:00
Joseph Birr-Pixton d2c1e6c4b7 Typestate-ify TLS1.3 key schedule 
This prevents a variety of mistakes, for example:

- extracting the wrong key at a given point,
- failing to input secret data,
- encrypting data with fixed keys.
 2019-12-09 21:52:27 +00:00
Joseph Birr-Pixton 9902306ff9 tests: make KeyLogToVec print keys to stdout 
This is useful for current TLS1.3 KeySchedule refactoring.
 2019-12-08 19:17:19 +00:00
Benjamin Fry b12475d41e remove unnecessary dependency from rustls-mio 2019-12-07 12:37:54 +00:00
Joseph Birr-Pixton cc74f165e8 Reduce session type test threshold 
This is now ~500 bytes for non-quic, but still about 1.5KB for quic.
 2019-12-06 13:52:52 -08:00
Joseph Birr-Pixton 412add83da Move TLS1.3 KeySchedule into state machine 
This means moving key-update processing into the state-machine too.
 2019-12-06 13:42:04 -08:00
Joseph Birr-Pixton 909b9cf12d Push exporter implementation down into protocol-specific code 
This means SessionSecrets doesn't need to live in SessionCommon.  Instead,
it's threaded through the TLS1.2 handshake states.
 2019-12-01 12:20:11 -08:00
Joseph Birr-Pixton de5f4c6cf3 Extract record layer code from SessionCommon 2019-12-01 10:10:40 -08:00
Joseph Birr-Pixton 06fafe0b3b Fix commentary. 2019-11-28 12:45:10 -08:00
Joseph Birr-Pixton ae48de74fb Get rid of TLS1.0-era naming for shared secrets 2019-11-28 12:18:32 -08:00
Ryan Gorup 1d8114c807 Expose WebPKIVerifier under dangerous feature 2019-11-23 17:46:28 +00:00
Benjamin Saunders beb02deefe Update QUIC key update label for draft 24 2019-11-23 17:46:11 +00:00
Joseph Birr-Pixton d132d48a23 Work around bug in cargo workspaces 
To me, it's intuitive that `cargo test --no-default-features`
should run the tests for all subcrates in a workspace, building
each subcrate without its default features.

In fact, this doesn't work and has never worked.  And now it's
explicitly rejected in nightly.

Tracked upstream as rust-lang/cargo#4753
 2019-10-27 05:00:18 -07:00
dependabot-preview[bot] 88662c507d Update env_logger requirement from 0.6.1 to 0.7.1 
Updates the requirements on [env_logger](https://github.com/sebasmagri/env_logger) to permit the latest version.
- [Release notes](https://github.com/sebasmagri/env_logger/releases)
- [Changelog](https://github.com/sebasmagri/env_logger/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sebasmagri/env_logger/compare/v0.6.1...v0.7.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-10-27 08:35:09 +00:00
dependabot-preview[bot] b43dff097e Update webpki-roots requirement from 0.17.0 to 0.18.0 
Updates the requirements on [webpki-roots](https://github.com/ctz/webpki-roots) to permit the latest version.
- [Release notes](https://github.com/ctz/webpki-roots/releases)
- [Commits](https://github.com/ctz/webpki-roots/compare/v/0.17.0...v/0.18.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-10-27 08:34:28 +00:00
Alex Gaynor ac88486f11 Upgrade base64 dependency to 0.11 2019-10-27 08:33:54 +00:00
Joseph Birr-Pixton 32cade4826 Add small test for quic alpn behaviour 2019-10-08 20:45:40 +01:00
Benjamin Saunders cd76b8ee9a Send an alert on ALPN mismatch under QUIC 2019-10-08 20:45:40 +01:00
Benjamin Saunders 69b96b14b1 Allow early data to be rejected by the application 2019-09-21 18:35:46 +01:00
Benjamin Saunders 0e2649b80e Allow applications to pass data through resumption tickets 
Needed for QUIC and HTTP/3.
 2019-09-21 18:35:46 +01:00
Joseph Birr-Pixton 431f42b662 Typo 2019-09-15 21:35:33 +01:00
Joseph Birr-Pixton c6570d9de6 Prevent consumers calling ClientHello::new 
Otherwise adding new things here would be a breaking change
 2019-09-15 21:30:58 +01:00
Joseph Birr-Pixton 032f985ddf Mention ClientHello struct in changelog 2019-09-15 21:30:26 +01:00
Jerome Gravel-Niquet a0ed806d10 move ClientHello next to ResolvesServerCert 2019-09-15 21:15:39 +01:00
Jerome Gravel-Niquet 005736815e run all tests and fix bogo shim issues, format function signatures, modify comments for accurate documentation 2019-09-15 21:15:39 +01:00
Jerome Gravel-Niquet dbcc42f8d0 client_hello does not need to be a reference 2019-09-15 21:15:39 +01:00