Dirkjan Ochtman
3440410bd4
Pass around parts of CertifiedKey separately
2021-03-16 11:51:02 +01:00
Dirkjan Ochtman
452b1b275f
client: thread transcript through handshake states
...
This is useful because at a later point we'll want to split `HandshakeHash`
up in two separate types to make the type's internal state more resilient
and precise (no unwrapping required).
2021-03-16 11:24:38 +01:00
Dirkjan Ochtman
b5e9a2b45d
client: only pass transcript where possible
2021-03-16 11:21:56 +01:00
Dirkjan Ochtman
69de7f467d
client: inline ExpectFinished -> ExpectTraffic state
2021-03-16 11:21:56 +01:00
Dirkjan Ochtman
3084fd9872
client: inline ExpectCertificateRequest -> ExpectCertificate state
2021-03-16 11:21:56 +01:00
Dirkjan Ochtman
242a95c86e
client: simplify extraction of server certificate chain
2021-03-16 11:21:56 +01:00
Dirkjan Ochtman
db75930ca3
client: inline ExpectCertificateVerify -> ExpectFinished state
2021-03-16 11:21:56 +01:00
Dirkjan Ochtman
525720d6e2
client: inline ExpectCertificateOrCertReq -> ExpectCertificateRequest transition
2021-03-16 11:21:56 +01:00
Dirkjan Ochtman
85938f7610
client: inline ExpectCertificateOrCertReq -> ExpectCertificate transition
2021-03-16 11:21:56 +01:00
Dirkjan Ochtman
1ec05e352a
client: inline ExpectCertificate -> ExpectCertificateVerify state
2021-03-16 11:21:56 +01:00
Dirkjan Ochtman
5d081a403d
client: inline ExpectEncryptedExtensions -> ExpectCertificateOrCertReq state
2021-03-16 11:21:56 +01:00
Dirkjan Ochtman
fdf6d29c92
client: inline ExpectEncryptedExtensions -> ExpectFinished state
2021-03-16 11:21:56 +01:00
Dirkjan Ochtman
020bdc7bae
client: inline ExpectFinished -> ExpectTraffic state
2021-03-16 11:21:56 +01:00
Dirkjan Ochtman
7e0e5451fa
client: inline ExpectNewTicket -> ExpectCCS state
2021-03-16 11:21:54 +01:00
Dirkjan Ochtman
d11327c88d
client: inline ExpectCCS -> ExpectFinished state
2021-03-16 11:21:43 +01:00
Dirkjan Ochtman
30cff05832
client: inline ExpectServerDone -> ExpectCCS state
2021-03-16 11:21:29 +01:00
Dirkjan Ochtman
d0f9912479
client: inline ExpectServerDone -> ExpectNewTicket state
2021-03-16 11:21:08 +01:00
Dirkjan Ochtman
599f5de68f
client: inline ExpectServerDoneOrCertReq -> ExpectServerDone transition
2021-03-16 11:20:37 +01:00
Dirkjan Ochtman
1868ee5e9f
client: inline ExpectServerDoneOrCertReq -> ExpectCertificateRequest transition
2021-03-16 11:20:26 +01:00
Dirkjan Ochtman
511bb9cfe6
client: inline ExpectCertificateRequest -> ExpectServerDone state
2021-03-16 11:20:14 +01:00
Dirkjan Ochtman
d18c63c5ef
client: inline ExpectServerKX -> ExpectServerDoneOrCertReq state
2021-03-16 11:20:01 +01:00
Dirkjan Ochtman
fd4e4776ab
client: inline ExpectCertificateStatusOrServerKX -> ExpectCertificateStatus transition
2021-03-16 11:19:49 +01:00
Dirkjan Ochtman
5776b5c0ef
client: inline ExpectCertificateStatusOrServerKX -> ExpectServerKX transition
2021-03-16 11:19:30 +01:00
Dirkjan Ochtman
36400da15b
client: simplify extraction of OCSP response
2021-03-16 11:19:14 +01:00
Dirkjan Ochtman
bd990e0cbb
client: inline ExpectCertificateStatus -> ExpectServerKX state
2021-03-16 11:19:13 +01:00
Dirkjan Ochtman
a09435804e
client: inline ExpectCertificate -> ExpectServerKX state
2021-03-16 11:18:55 +01:00
Dirkjan Ochtman
4e9b5248c4
client: inline ExpectCertificate -> ExpectCertificateStatusOrServerKX state
2021-03-16 11:18:32 +01:00
Dirkjan Ochtman
3faa414622
client: inline ExpectServerHello -> ExpectCertificate state
2021-03-16 11:17:38 +01:00
Dirkjan Ochtman
680390347f
client: inline ExpectServerHello -> ExpectCCS state
2021-03-16 11:17:12 +01:00
Dirkjan Ochtman
647bd68afc
client: inline ExpectServerHello -> ExpectNewTicket state
2021-03-16 11:14:37 +01:00
Dirkjan Ochtman
a61e23cc98
client: inline ExpectServerHello -> ExpectEncryptedExtensions state
2021-03-16 11:13:06 +01:00
Robert Sayre
5e7b2d4a45
Refactor client EMS.
2021-03-15 23:31:14 +01:00
ctz
fd6d63d032
Delete no_ecdhe test
...
This doesn't work, and is really a test of whether `openssl s_server -no_ecdhe` works, which is not very interesting to us on balance.
Bogo provides error handling tests for this case.
2021-03-15 20:00:53 +00:00
RS
1a1835463a
Find Homebrew OpenSSL on M1. (#565)
2021-03-15 11:21:33 +01:00
RS
0d88af0677
Refactor server EMS state. (#561)
2021-03-15 09:20:53 +01:00
Brian Smith
552475df50
Refactor `ClientConfig` verifier configuration.
...
When an alternate certificate verifier is used, Rustls's old CT log and root
configuration was likely irrelevant to it. In particular, a system
certificate verifier will likely have its own settings set at the system
and/or user level. Move those fields out of `ClientConfig` to ensure they
are not used in that situation, and to avoid users wrongly expecting the
custom verifier to use these settings.
Change the API for constructing `ClientConfig` so that one can still
configure the list of CT logs and roots for the default verifier only.
To avoid starting an explosion in the number of `ClientConfig`
constructors, require the user to pass in the desired cipher suites to
each constructor. Document that the new `DEFAULT_CIPHERSUITES` should be
used to select the default values.
Hide the number of cipher suites in `ALL_CIPHERSUITES` from the type by
making it a slice, so that adding a cipher suite to `ALL_CIPHERSUITES` is
no longer an API breaking change.
2021-03-14 17:43:12 +00:00
Brian Smith
fcd4b9c5e2
Move CT configuration to the constructor of `WebPKIVerifier`.
2021-03-14 17:37:33 +00:00
Dirkjan Ochtman
eb39623eb9
Rename public API types to conform to API guidelines
2021-03-14 17:09:06 +00:00
Joseph Birr-Pixton
a5b3e35f45
Remove azure and improve github actions
...
Maintaining two of these is pretty annoying, and github actions
seems to be pretty good quality.
2021-03-14 17:08:13 +00:00
Dirkjan Ochtman
8ebe493675
Check LLVM version in coverage script (see #551)
2021-03-12 21:07:03 +00:00
Dirkjan Ochtman
15266ca293
Generate session randoms only once for clients
2021-03-11 20:37:48 +00:00
Dirkjan Ochtman
3d8f6c1c94
Make ClientSession::new() fallible
2021-03-11 19:43:41 +00:00
Dirkjan Ochtman
cc4ed5fc57
Make randomness acquisition fallible (fixes #441)
2021-03-11 19:43:41 +00:00
ctz
f9e1dd3566
Install llvm 12 for coverage build
...
Rust nightly seems to have moved to LLVM 12 recently.
2021-03-11 19:29:56 +00:00
Benjamin Saunders
32a143fe7f
Support stable QUIC transport parameters handshake extension
...
Preserves the prior extension for backwards-compatibility on the wire,
requiring an API tweak for the application to dictate which version to
be compatible with.
2021-03-07 13:41:41 +01:00
ABGH, C
1721e5188f
Refactor ExpectClientKX to inline methods to avoid unwrapping implicit state
2021-02-24 19:18:35 +01:00
ABGH, C
57bacb308d
Refactor hs::can_resume to avoid its callers unwrapping
2021-02-24 09:20:07 +01:00
ABGH, C
678c4a3b68
Refactor ExpectClientKX::into_expect_tls12_certificate_verify to avoid unwrapping
2021-02-24 07:13:23 +01:00
Joseph Birr-Pixton
f06ed3f336
Improve docs.
2021-02-21 19:12:41 +00:00
Joseph Birr-Pixton
88d3776511
Hook curve selection into bogo_shim
2021-02-21 19:12:41 +00:00