Commit Graph

1203 Commits

Author SHA1 Message Date
Dirkjan Ochtman 3440410bd4 Pass around parts of CertifiedKey separately 2021-03-16 11:51:02 +01:00
Dirkjan Ochtman 452b1b275f client: thread transcript through handshake states
This is useful because at a later point we'll want to split `HandshakeHash`
up in two separate types to make the type's internal state more resilient
and precise (no unwrapping required).
2021-03-16 11:24:38 +01:00
Dirkjan Ochtman b5e9a2b45d client: only pass transcript where possible 2021-03-16 11:21:56 +01:00
Dirkjan Ochtman 69de7f467d client: inline ExpectFinished -> ExpectTraffic state 2021-03-16 11:21:56 +01:00
Dirkjan Ochtman 3084fd9872 client: inline ExpectCertificateRequest -> ExpectCertificate state 2021-03-16 11:21:56 +01:00
Dirkjan Ochtman 242a95c86e client: simplify extraction of server certificate chain 2021-03-16 11:21:56 +01:00
Dirkjan Ochtman db75930ca3 client: inline ExpectCertificateVerify -> ExpectFinished state 2021-03-16 11:21:56 +01:00
Dirkjan Ochtman 525720d6e2 client: inline ExpectCertificateOrCertReq -> ExpectCertificateRequest transition 2021-03-16 11:21:56 +01:00
Dirkjan Ochtman 85938f7610 client: inline ExpectCertificateOrCertReq -> ExpectCertificate transition 2021-03-16 11:21:56 +01:00
Dirkjan Ochtman 1ec05e352a client: inline ExpectCertificate -> ExpectCertificateVerify state 2021-03-16 11:21:56 +01:00
Dirkjan Ochtman 5d081a403d client: inline ExpectEncryptedExtensions -> ExpectCertificateOrCertReq state 2021-03-16 11:21:56 +01:00
Dirkjan Ochtman fdf6d29c92 client: inline ExpectEncryptedExtensions -> ExpectFinished state 2021-03-16 11:21:56 +01:00
Dirkjan Ochtman 020bdc7bae client: inline ExpectFinished -> ExpectTraffic state 2021-03-16 11:21:56 +01:00
Dirkjan Ochtman 7e0e5451fa client: inline ExpectNewTicket -> ExpectCCS state 2021-03-16 11:21:54 +01:00
Dirkjan Ochtman d11327c88d client: inline ExpectCCS -> ExpectFinished state 2021-03-16 11:21:43 +01:00
Dirkjan Ochtman 30cff05832 client: inline ExpectServerDone -> ExpectCCS state 2021-03-16 11:21:29 +01:00
Dirkjan Ochtman d0f9912479 client: inline ExpectServerDone -> ExpectNewTicket state 2021-03-16 11:21:08 +01:00
Dirkjan Ochtman 599f5de68f client: inline ExpectServerDoneOrCertReq -> ExpectServerDone transition 2021-03-16 11:20:37 +01:00
Dirkjan Ochtman 1868ee5e9f client: inline ExpectServerDoneOrCertReq -> ExpectCertificateRequest transition 2021-03-16 11:20:26 +01:00
Dirkjan Ochtman 511bb9cfe6 client: inline ExpectCertificateRequest -> ExpectServerDone state 2021-03-16 11:20:14 +01:00
Dirkjan Ochtman d18c63c5ef client: inline ExpectServerKX -> ExpectServerDoneOrCertReq state 2021-03-16 11:20:01 +01:00
Dirkjan Ochtman fd4e4776ab client: inline ExpectCertificateStatusOrServerKX -> ExpectCertificateStatus transition 2021-03-16 11:19:49 +01:00
Dirkjan Ochtman 5776b5c0ef client: inline ExpectCertificateStatusOrServerKX -> ExpectServerKX transition 2021-03-16 11:19:30 +01:00
Dirkjan Ochtman 36400da15b client: simplify extraction of OCSP response 2021-03-16 11:19:14 +01:00
Dirkjan Ochtman bd990e0cbb client: inline ExpectCertificateStatus -> ExpectServerKX state 2021-03-16 11:19:13 +01:00
Dirkjan Ochtman a09435804e client: inline ExpectCertificate -> ExpectServerKX state 2021-03-16 11:18:55 +01:00
Dirkjan Ochtman 4e9b5248c4 client: inline ExpectCertificate -> ExpectCertificateStatusOrServerKX state 2021-03-16 11:18:32 +01:00
Dirkjan Ochtman 3faa414622 client: inline ExpectServerHello -> ExpectCertificate state 2021-03-16 11:17:38 +01:00
Dirkjan Ochtman 680390347f client: inline ExpectServerHello -> ExpectCCS state 2021-03-16 11:17:12 +01:00
Dirkjan Ochtman 647bd68afc client: inline ExpectServerHello -> ExpectNewTicket state 2021-03-16 11:14:37 +01:00
Dirkjan Ochtman a61e23cc98 client: inline ExpectServerHello -> ExpectEncryptedExtensions state 2021-03-16 11:13:06 +01:00
Robert Sayre 5e7b2d4a45 Refactor client EMS. 2021-03-15 23:31:14 +01:00
ctz fd6d63d032 Delete no_ecdhe test
This doesn't work, and is really a test of whether `openssl s_server -no_ecdhe` works, which is not very interesting to us on balance.

Bogo provides error handling tests for this case.
2021-03-15 20:00:53 +00:00
RS 1a1835463a Find Homebrew OpenSSL on M1. (#565) 2021-03-15 11:21:33 +01:00
RS 0d88af0677 Refactor server EMS state. (#561) 2021-03-15 09:20:53 +01:00
Brian Smith 552475df50 Refactor `ClientConfig` verifier configuration.
When an alternate certificate verifier is used, Rustls's old CT log and root
configuration was likely irrelevant to it. In particular, a system
certificate verifier will likely have its own settings set at the system
and/or user level. Move those fields out of `ClientConfig` to ensure they
are not used in that situation, and to avoid users wrongly expecting the
custom verifier to use these settings.

Change the API for constructing `ClientConfig` so that one can still
configure the list of CT logs and roots for the default verifier only.

To avoid starting an explosion in the number of `ClientConfig`
constructors, require the user to pass in the desired cipher suites to
each constructor. Document that the new `DEFAULT_CIPHERSUITES` should be
used to select the default values.

Hide the number of cipher suites in `ALL_CIPHERSUITES` from the type by
making it a slice, so that adding a cipher suite to `ALL_CIPHERSUITES` is
no longer an API breaking change.
2021-03-14 17:43:12 +00:00
Brian Smith fcd4b9c5e2 Move CT configuration to the constructor of `WebPKIVerifier`. 2021-03-14 17:37:33 +00:00
Dirkjan Ochtman eb39623eb9 Rename public API types to conform to API guidelines 2021-03-14 17:09:06 +00:00
Joseph Birr-Pixton a5b3e35f45 Remove azure and improve github actions
Maintaining two of these is pretty annoying, and github actions
seems to be pretty good quality.
2021-03-14 17:08:13 +00:00
Dirkjan Ochtman 8ebe493675 Check LLVM version in coverage script (see #551) 2021-03-12 21:07:03 +00:00
Dirkjan Ochtman 15266ca293 Generate session randoms only once for clients 2021-03-11 20:37:48 +00:00
Dirkjan Ochtman 3d8f6c1c94 Make ClientSession::new() fallible 2021-03-11 19:43:41 +00:00
Dirkjan Ochtman cc4ed5fc57 Make randomness acquisition fallible (fixes #441) 2021-03-11 19:43:41 +00:00
ctz f9e1dd3566 Install llvm 12 for coverage build
Rust nightly seems to have moved to LLVM 12 recently.
2021-03-11 19:29:56 +00:00
Benjamin Saunders 32a143fe7f Support stable QUIC transport parameters handshake extension
Preserves the prior extension for backwards-compatibility on the wire,
requiring an API tweak for the application to dictate which version to
be compatible with.
2021-03-07 13:41:41 +01:00
ABGH, C 1721e5188f Refactor ExpectClientKX to inline methods to avoid unwrapping implicit state 2021-02-24 19:18:35 +01:00
ABGH, C 57bacb308d Refactor hs::can_resume to avoid its callers unwrapping 2021-02-24 09:20:07 +01:00
ABGH, C 678c4a3b68 Refactor ExpectClientKX::into_expect_tls12_certificate_verify to avoid unwrapping 2021-02-24 07:13:23 +01:00
Joseph Birr-Pixton f06ed3f336 Improve docs. 2021-02-21 19:12:41 +00:00
Joseph Birr-Pixton 88d3776511 Hook curve selection into bogo_shim 2021-02-21 19:12:41 +00:00