rust/rustls
rust
/
rustls
mirror of https://github.com/ctz/rustls
1
0
Fork 0
Code Issues Releases Wiki Activity
1,966 Commits 45 Branches 69 Tags 32 MiB
Commit Graph

1966 Commits

Author SHA1 Message Date
Dirkjan Ochtman 2682eb7446 client: add support for sending unsupported cipher suites 2023-02-02 12:21:31 +01:00
ctz 8c75101878
Merge pull request #1182 from rustls/jbp-certificate-errors 
Rework certificate errors
 2023-01-25 16:52:48 +00:00
larsfillmore 646abf699d Auto-shrink `MessageDeframer::buf` while at rest 2023-01-25 17:00:48 +01:00
Joseph Birr-Pixton aea27248fd Include underlying error in `CertificateError::Other` 2023-01-25 12:24:25 +00:00
Joseph Birr-Pixton 00d7ac50f9 Remove `PartialEq` from `rustls::Error` 
This can still be matched against, so move simple tests
from `assert_eq!(..,)` to `assert!(matches!(...))`.

In complex tests, prefer to have test failures that quote the
stringified errors; there's a helper function `assert_debug_eq` that
does that.
 2023-01-25 12:24:25 +00:00
Joseph Birr-Pixton a777077257 Remove webpki::Error from public API 2023-01-25 12:24:25 +00:00
Joseph Birr-Pixton a1ee6d28ac Rework certificate errors 
rustls now has its own `CertificateError` type that aims to cover
most common errors with certificate validation.
 2023-01-25 12:24:25 +00:00
Joseph Birr-Pixton 600a8f2a32 Prefer `Error::EncryptError` to `Error::General` 2023-01-24 15:07:46 +00:00
ctz 571586a859
Merge pull request #1145 from rustls/jbp-client-persist 
Rework client persistence interface for RFC8446 C.4 client tracking prevention
 2023-01-24 14:20:59 +00:00
Joseph Birr-Pixton c1f4a99661 Add test for non-reuse of tickets by TLS1.3 client 2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton cfb0866793 Rename items in ClientSessionStore and improve docs 2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton 4cadd4c6eb Rename StoresClientSessions trait 2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton 9fc1e8404c Plaster everything with cfg(feature = "tls12") 
Yeugh!
 2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton 869306f6b3 Forget TLS1.2 sessions when TLS1.3 is successful 
In the presence of a server that starts being able to do TLS1.3,
this prevents clients from resuming a TLS1.2 session if it
runs out of TLS1.3 tickets.
 2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton d780790329 Allow configuring how many TLS1.3 tickets servers send 
This changes the default from 1 to 4 tickets.
 2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton a41ca7b8c2 Remove client session storage from tlsclient example 
Persisting sessions to disk is now harder -- though not impossible.
But probably isn't pulling its weight in example code.
 2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton eb191d0cc4 Remove opaque StoresClientSessions interface 2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton 01b28318d5 Make StoresClientSessions transparent: sessions 
This is further code movement from the handshake code
that constructs session storage keys/values, into
the StoresClientSessions trait itself.

At this point the usage of StoresClientSessions by handshake code
is completely transparent as to what is being stored, and
the default trait functions map this down to the old opaque
interface.
 2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton ec650c99db Add QUIC params to persist::Tls13ClientSessionValue 
Prior to this, these parameters were being seperately appended
to the session value.  That meant Tls13ClientSessionValue was
misleading as a venue which owned the whole session value encoding.
 2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton 8c803bcd5c Make StoresClientSessions transparent: kx hints 
The goal here is that, incrementally, StoresClientSessions is
precisely the operations that rustls wants to perform on
its session_storage trait object.
 2023-01-23 15:30:45 +00:00
Joseph Birr-Pixton 39a26cdd47 Remove string content from `PeerIncompatibleError` 
This also:

- corrects use of hs::incompatible for client certificate verification
  failure.
- moves sni varying across hello retries to be a PeerMisbehaved, since
  that is explicitly disallowed by the standard.
 2023-01-23 15:16:31 +00:00
Joseph Birr-Pixton 88ea3966b7 Remove string content from `PeerMisbehavedError` 2023-01-23 15:16:31 +00:00
Dirkjan Ochtman 5bd3b9fad0 tls13: let key schedule prepare key update message 2023-01-18 17:49:40 +01:00
Dirkjan Ochtman 469e443e00 tls13: provide more ergonomic encrypter/decrypter derivation APIs 2023-01-18 17:49:40 +01:00
Dirkjan Ochtman e12b8dc104 tls13: let key schedule update record layer state 2023-01-18 17:49:40 +01:00
Dirkjan Ochtman 961f71e650 tls13: let key schedule handle decrypter updates 2023-01-18 17:49:40 +01:00
Dirkjan Ochtman be41ca54a9 tls13: let key schedule handle encrypter updates 2023-01-18 17:49:40 +01:00
Dirkjan Ochtman 849aff0034 tls13: store full cipher suites in key schedules 2023-01-18 17:49:40 +01:00
Dirkjan Ochtman cb06cb2e08 tls13: deduplicate traffic secret derivation 2023-01-18 17:49:40 +01:00
Dirkjan Ochtman 1acd7a7139 deframer: join handshake messages in deframer buffer 2023-01-17 21:17:13 +01:00
Dirkjan Ochtman ca94b6a599 deframer: extract method to discard bytes from buffer 2023-01-17 21:17:13 +01:00
Dirkjan Ochtman 5aa5f62882 deframer: use std::io::Cursor for tests 2023-01-17 21:17:13 +01:00
Dirkjan Ochtman c3a84dedae deframer: derive Default implementation 2023-01-17 21:17:13 +01:00
Dirkjan Ochtman 6555b9f630 deframer: move decryption into deframer 2023-01-17 21:17:13 +01:00
Dirkjan Ochtman 8befe7b47d record_layer: make RecordLayer public as part of internals 2023-01-17 21:17:13 +01:00
Dirkjan Ochtman a5cbe93f26 record_layer: strengthen decrypt abstraction 2023-01-17 21:17:13 +01:00
Dirkjan Ochtman 4488205e97 deframer: read in 4096-byte blocks and adjust buffer size accordingly 2023-01-17 21:17:13 +01:00
Dirkjan Ochtman cd615a09b9 deframer: parse messages lazily 2023-01-17 21:17:13 +01:00
Dirkjan Ochtman f7267730db Update license to use SPDX-compatible operators 2023-01-16 11:18:24 +01:00
Dirkjan Ochtman a5d8f0ce87 examples: remove authors from Cargo metadata (per RFC 3052) 2023-01-16 11:18:24 +01:00
Dirkjan Ochtman b4e48468a0 examples: set rust-version to help guide clippy 2023-01-16 11:18:24 +01:00
Brian Smith 6dfa67809d Replace `doc(hidden)` with `pub(crate)` where those semantics are intended. 
I think these uses of `doc(hidden)` are trying to implement `pub(crate)`
semantics. Perhaps it was done this way a long time ago when `pub(crate)`
wasn't a think.

This change causes an `unreachable_pub` warning for `PlaintextSink`, so
make that `pub(crate)` too.

Some external users might be using these even though they probably shouldn't
be, so this is technically a breaking change.
 2023-01-16 10:32:14 +01:00
Dirkjan Ochtman e1731db6b7 Use Side in the bogo_shim option state 2023-01-15 16:27:26 +01:00
Dirkjan Ochtman e4ac86f279 Make Side public and use it for quic::Keys::initial() 2023-01-15 16:27:26 +01:00
Dirkjan Ochtman 1d314aad44 quic: take Side argument instead of bool 2023-01-15 16:27:26 +01:00
Joseph Birr-Pixton af65d961ee Merge branch 'feat-ip-address' into main 2023-01-13 15:51:31 +00:00
Joseph Birr-Pixton 38e26f5755 Support IP address names in default verify_server_cert() 2023-01-13 15:43:30 +00:00
Joseph Birr-Pixton d312391239 Move to rustls-webpki fork 2023-01-13 15:43:30 +00:00
Joseph Birr-Pixton ad403b6677 Prepare for next rustls release 2023-01-13 15:43:30 +00:00
Dirkjan Ochtman bdd1392a50 Switch from criterion to bencher 
This has less rich output but doesn't have any dependencies, very
much unlike criterion (which was breaking our minimal versions check).
 2023-01-13 12:11:26 +01:00