rust/rustls
rust
/
rustls
mirror of https://github.com/ctz/rustls
1
0
Fork 0
Code Issues Releases Wiki Activity
1,839 Commits 47 Branches 71 Tags 34 MiB
Commit Graph

1839 Commits

Author SHA1 Message Date
Dirkjan Ochtman a951d7e373 Clean up warning for conditionally unused import 2022-06-15 11:49:54 +02:00
Dirkjan Ochtman 2b3c69340d verify: unify server verification into single method 2022-06-15 11:49:54 +02:00
Dirkjan Ochtman f974721f85 verify: extract server certificate verification into separate method 2022-06-15 11:03:07 +02:00
Dirkjan Ochtman 0f3808996f verify: pass pre-parsed certificate data to signature verification helpers 2022-06-15 10:39:39 +02:00
Dirkjan Ochtman 74e1fe95a6 client: check 1.2 signature scheme compatibility with cipher suite earlier 2022-06-15 10:00:11 +02:00
Jacob Hoffman-Andrews 2673750e0f Export DigitallySignedStruct in stable API 
This was exposed as part of the public API via ServerCertVerifier,
ClientCertVerifier, and structs that implement those two traits.

Transitively, this should expose PayloadU16 as part of the stable API, since
DigitallySignedStruct's `sig` field has type PayloadU16. However, PayloadU16
exposes unnecessary implementation details (specifically, that a given field is
encoded with 16-bit length). Instead, deprecate the `sig` field for public
access and provide a `sig() -> &[u8]` accessor instead.
 2022-06-14 18:30:40 +02:00
Jacob Hoffman-Andrews 5dab6ed654 Expose some enums as part of the stable API 
Expose AlertDescription, ContentType, and HandshakeType, SignatureAlgorithm,
and NamedGroup as part of the stable API. Previously they were part of the
unstable internals API, but were referenced by parts of the stable API.
 2022-06-13 18:18:30 +02:00
Jacob Hoffman-Andrews 4b9c20af1e Deprecate Acceptor::wants_read 
This method always returns true.
 2022-06-13 10:45:10 +02:00
Jacob Hoffman-Andrews a94a0055e1
MessageFragmenter: return an iterator (#1050) 
This avoids a couple of unnecessary allocations: the individual Payloads of the
fragmented messages were allocating and filling a Vec, and the call sites were
allocating a VecDeque to be filled with messages.

Instead, always return an iterator of BorrowedPlainMessage, which the caller can
iterate over.
 2022-06-13 10:30:45 +02:00
Joseph Birr-Pixton 8ce174fed3 Fix use_self warnings 
It seems clippy is getting better at enforcing our deny(clippy::use_self)
 2022-06-10 12:43:35 +02:00
ComplexSpaces 136d2d46f9 Document verifier certificate content guarantees 2022-06-03 08:08:13 +02:00
Jacob Hoffman-Andrews a748239220 Move allows to inner attributes. 
Move allow(missing_docs) and allow(non_camel_case_attributes) to inside their
appropriate modules.
 2022-05-30 10:28:01 +02:00
Jacob Hoffman-Andrews a4bd8afd92 Clean up imports 2022-05-30 10:28:01 +02:00
Jacob Hoffman-Andrews 2854a0dbe2 Move some enums that are part of the public API. 
Move ProtocolVersion, CipherSuite, and SignatureScheme from src/msgs/enums.rs
to src/enums.rs
 2022-05-30 10:28:01 +02:00
Jacob Hoffman-Andrews 67a8570840 Deprecate Acceptor::new 2022-05-30 10:20:36 +02:00
Jacob Hoffman-Andrews d2ff075457 impl Default for Acceptor 2022-05-30 10:20:36 +02:00
Jacob Hoffman-Andrews dde28baec1 Replace MessageFragmenter::new with impl Default 
Previously there were two paths that would check that a max_fragment_size was in
the acceptable range. Now there's just one path: calling set_max_fragment_size.

This provides a way to construct a MessageFragmenter with the default fragment
size that is error-free.
 2022-05-30 10:20:36 +02:00
Jacob Hoffman-Andrews 07ae6f45fb Derive Eq wherever PartialEq is derived. 
Fixes a clippy lint on nightly.
 2022-05-29 22:41:33 +02:00
Dirkjan Ochtman c6dcb4c0c6 Remove authors from Cargo metadata (see RFC 3052) 2022-05-18 09:52:33 +02:00
Dirkjan Ochtman a80fff5654 Bump version to 0.20.6 2022-05-18 09:52:33 +02:00
Dirkjan Ochtman bfe0d6253d Update changelog for 0.20.6 2022-05-18 09:52:33 +02:00
Dirkjan Ochtman 2f154643e5 Revert #1016 (attach location context to corrupt message errors) 
This is a breaking change in the Error type.
 2022-05-18 09:52:33 +02:00
Jacob Hoffman-Andrews 6cf275aeaa Move Debug impls closer to their types 2022-05-15 22:14:48 +02:00
Jacob Hoffman-Andrews 94428a3d77 tests/api.rs: Fix unused variable 2022-05-15 22:14:48 +02:00
Jacob Hoffman-Andrews bf5ecb84d0 Output hex for Payload Debug impls 
Previously, these were output as long arrays of decimal numbers, which
were noisy and hard to read. As hex numbers, it's a little easier to see
the structure, and if necessary to translate them into binary or decode
them independently.

Also output hex for Random and SessionID Debug impls.
 2022-05-15 22:14:48 +02:00
Jacob Hoffman-Andrews 4fc3a3af8c Impl Debug for dyn {Client,Server}CertVerifier 
And rely on that Debug impl to `#[derive(Debug)]` on client and server
config builders.
 2022-05-15 17:50:09 +02:00
Jacob Hoffman-Andrews 480f0a7950 Add test for ConfigBuilder's Debug impl 2022-05-15 17:50:09 +02:00
Jacob Hoffman-Andrews 08429bc04d Improve Debug impls for wrapped enums 
SupportedKxGroup, SupportedCipherSuite, and EnabledVersions have derived
Debug implementations, but these implementations wind up being
excessively noisy. Instead, delegate their Debug implementations to
their underlying enums.
 2022-05-15 17:50:09 +02:00
Jacob Hoffman-Andrews ae97eb7e79 impl Debug for WantsClientCert and WantsServerCert 2022-05-15 17:50:09 +02:00
Jacob Hoffman-Andrews 5f1cbaf522 Add Clone and Debug to more config states 2022-05-15 17:50:09 +02:00
Joseph Birr-Pixton 34ad3ab00e Prepare 0.20.5 2022-05-14 18:14:32 +01:00
Joseph Birr-Pixton a8d361c90a Deal with ServerHellos without any extensions 2022-05-14 18:01:33 +01:00
kdnakt 9da6446a84 Fix typos in comments 2022-05-14 17:34:23 +01:00
Dirkjan Ochtman 86f4695c8c Use original handshake encoding for transcript hash 
Stores the parsed data for a handshake message payload alongside
the encoded version to avoid having to re-encode the message when
updating the transcript hash. Also avoids encoding outgoing handshake
message payloads twice.
 2022-05-12 20:46:16 +02:00
randsoy 9b83dcfe71
[tls handshaked] fix:Interrupted system call (os error 4) (#1031) 
Dynamically load the FFI Library of trust using flutter in Android system.  `Connection Failed: tls connection init failed: Interrupted system call (os error 4)`.
 2022-05-12 11:28:47 +02:00
Jimmy Hartzell 093e88e7e1 remove extraneous trace 2022-05-07 07:49:24 +01:00
Jimmy Hartzell 014fce9040 Add support for IP addresses for dangerous clients only 2022-05-07 07:49:24 +01:00
dependabot[bot] a96c93c16d Update rustls-pemfile requirement from 0.3.0 to 1.0.0 
Updates the requirements on [rustls-pemfile](https://github.com/rustls/pemfile) to permit the latest version.
- [Release notes](https://github.com/rustls/pemfile/releases)
- [Commits](https://github.com/rustls/pemfile/compare/v/0.3.0...v/1.0.0)

---
updated-dependencies:
- dependency-name: rustls-pemfile
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-15 07:44:55 +02:00
ComplexSpaces c42c53e13d Attach location context to corrupt message errors 2022-03-31 10:23:46 +02:00
Jerome Gravel-Niquet 9d1557e571 convert some panic! in tests with assert_eq! 2022-03-20 10:32:11 +00:00
Jerome Gravel-Niquet fbb870621e make cipher suites part of tests 2022-03-20 10:32:11 +00:00
Jerome Gravel-Niquet ff38717c5a remove supported_cipher_suites function, leave that to the crate user 2022-03-20 10:32:11 +00:00
Jerome Gravel-Niquet 9d12776f58 add trace log for cipher suites 2022-03-20 10:32:11 +00:00
Jerome Gravel-Niquet fa243fd137 add comments 2022-03-20 10:32:11 +00:00
Jerome Gravel-Niquet b0b61b1f30 expose cipher suites from ClientHello 2022-03-20 10:32:11 +00:00
Jerome Gravel-Niquet 3f5eee91f4 fix clippy nightly errors 2022-03-18 10:44:18 -07:00
Joseph Birr-Pixton 0a5c977634 Attempt to improve TicketAgeSkew test reliability 2022-03-13 21:04:58 +00:00
Joseph Birr-Pixton 003bd4e264 Fix server::ResolvesServerCertUsingSni case sensitivity 
Extend testing to show this working.
 2022-03-13 20:50:40 +00:00
Joseph Birr-Pixton b3e354b3dc Build everything each night 
Goal: notice upstream breakages (like LLVM version) before unrelated
PRs run into them.
 2022-02-20 20:06:06 +00:00
Joseph Birr-Pixton 9c1e0862f7 Avoid using error handling code for control flow 
`require_handshake_msg` is designed to express message type
requirements: failures of those checks are expensive because
they involve logging output and allocations in the error value.

Introduce `is_handshake_msg` which does the same validation, but
just calculates a bool so is cheap.
 2022-02-20 19:57:09 +00:00