Dirkjan Ochtman
2682eb7446
client: add support for sending unsupported cipher suites
2023-02-02 12:21:31 +01:00
ctz
8c75101878
Merge pull request #1182 from rustls/jbp-certificate-errors
Rework certificate errors
2023-01-25 16:52:48 +00:00
larsfillmore
646abf699d
Auto-shrink `MessageDeframer::buf` while at rest
2023-01-25 17:00:48 +01:00
Joseph Birr-Pixton
aea27248fd
Include underlying error in `CertificateError::Other`
2023-01-25 12:24:25 +00:00
Joseph Birr-Pixton
00d7ac50f9
Remove `PartialEq` from `rustls::Error`
This can still be matched against, so move simple tests
from `assert_eq!(..,)` to `assert!(matches!(...))`.
In complex tests, prefer to have test failures that quote the
stringified errors; there's a helper function `assert_debug_eq` that
does that.
2023-01-25 12:24:25 +00:00
Joseph Birr-Pixton
a777077257
Remove webpki::Error from public API
2023-01-25 12:24:25 +00:00
Joseph Birr-Pixton
a1ee6d28ac
Rework certificate errors
rustls now has its own `CertificateError` type that aims to cover
most common errors with certificate validation.
2023-01-25 12:24:25 +00:00
Joseph Birr-Pixton
600a8f2a32
Prefer `Error::EncryptError` to `Error::General`
2023-01-24 15:07:46 +00:00
ctz
571586a859
Merge pull request #1145 from rustls/jbp-client-persist
Rework client persistence interface for RFC8446 C.4 client tracking prevention
2023-01-24 14:20:59 +00:00
Joseph Birr-Pixton
c1f4a99661
Add test for non-reuse of tickets by TLS1.3 client
2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton
cfb0866793
Rename items in ClientSessionStore and improve docs
2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton
4cadd4c6eb
Rename StoresClientSessions trait
2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton
9fc1e8404c
Plaster everything with cfg(feature = "tls12")
Yeugh!
2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton
869306f6b3
Forget TLS1.2 sessions when TLS1.3 is successful
In the presence of a server that starts being able to do TLS1.3,
this prevents clients from resuming a TLS1.2 session if it
runs out of TLS1.3 tickets.
2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton
d780790329
Allow configuring how many TLS1.3 tickets servers send
This changes the default from 1 to 4 tickets.
2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton
a41ca7b8c2
Remove client session storage from tlsclient example
Persisting sessions to disk is now harder -- though not impossible.
But probably isn't pulling its weight in example code.
2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton
eb191d0cc4
Remove opaque StoresClientSessions interface
2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton
01b28318d5
Make StoresClientSessions transparent: sessions
This is further code movement from the handshake code
that constructs session storage keys/values, into
the StoresClientSessions trait itself.
At this point the usage of StoresClientSessions by handshake code
is completely transparent as to what is being stored, and
the default trait functions map this down to the old opaque
interface.
2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton
ec650c99db
Add QUIC params to persist::Tls13ClientSessionValue
Prior to this, these parameters were being separately appended
to the session value. That meant Tls13ClientSessionValue was
misleading as a venue which owned the whole session value encoding.
2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton
8c803bcd5c
Make StoresClientSessions transparent: kx hints
The goal here is that, incrementally, StoresClientSessions is
precisely the operations that rustls wants to perform on
its session_storage trait object.
2023-01-23 15:30:45 +00:00
Joseph Birr-Pixton
39a26cdd47
Remove string content from `PeerIncompatibleError`
This also:
- corrects use of hs::incompatible for client certificate verification
failure.
- moves sni varying across hello retries to be a PeerMisbehaved, since
that is explicitly disallowed by the standard.
2023-01-23 15:16:31 +00:00
Joseph Birr-Pixton
88ea3966b7
Remove string content from `PeerMisbehavedError`
2023-01-23 15:16:31 +00:00
Dirkjan Ochtman
5bd3b9fad0
tls13: let key schedule prepare key update message
2023-01-18 17:49:40 +01:00
Dirkjan Ochtman
469e443e00
tls13: provide more ergonomic encrypter/decrypter derivation APIs
2023-01-18 17:49:40 +01:00
Dirkjan Ochtman
e12b8dc104
tls13: let key schedule update record layer state
2023-01-18 17:49:40 +01:00
Dirkjan Ochtman
961f71e650
tls13: let key schedule handle decrypter updates
2023-01-18 17:49:40 +01:00
Dirkjan Ochtman
be41ca54a9
tls13: let key schedule handle encrypter updates
2023-01-18 17:49:40 +01:00
Dirkjan Ochtman
849aff0034
tls13: store full cipher suites in key schedules
2023-01-18 17:49:40 +01:00
Dirkjan Ochtman
cb06cb2e08
tls13: deduplicate traffic secret derivation
2023-01-18 17:49:40 +01:00
Dirkjan Ochtman
1acd7a7139
deframer: join handshake messages in deframer buffer
2023-01-17 21:17:13 +01:00
Dirkjan Ochtman
ca94b6a599
deframer: extract method to discard bytes from buffer
2023-01-17 21:17:13 +01:00
Dirkjan Ochtman
5aa5f62882
deframer: use std::io::Cursor for tests
2023-01-17 21:17:13 +01:00
Dirkjan Ochtman
c3a84dedae
deframer: derive Default implementation
2023-01-17 21:17:13 +01:00
Dirkjan Ochtman
6555b9f630
deframer: move decryption into deframer
2023-01-17 21:17:13 +01:00
Dirkjan Ochtman
8befe7b47d
record_layer: make RecordLayer public as part of internals
2023-01-17 21:17:13 +01:00
Dirkjan Ochtman
a5cbe93f26
record_layer: strengthen decrypt abstraction
2023-01-17 21:17:13 +01:00
Dirkjan Ochtman
4488205e97
deframer: read in 4096-byte blocks and adjust buffer size accordingly
2023-01-17 21:17:13 +01:00
Dirkjan Ochtman
cd615a09b9
deframer: parse messages lazily
2023-01-17 21:17:13 +01:00
Dirkjan Ochtman
f7267730db
Update license to use SPDX-compatible operators
2023-01-16 11:18:24 +01:00
Dirkjan Ochtman
a5d8f0ce87
examples: remove authors from Cargo metadata (per RFC 3052)
2023-01-16 11:18:24 +01:00
Dirkjan Ochtman
b4e48468a0
examples: set rust-version to help guide clippy
2023-01-16 11:18:24 +01:00
Brian Smith
6dfa67809d
Replace `doc(hidden)` with `pub(crate)` where those semantics are intended.
I think these uses of `doc(hidden)` are trying to implement `pub(crate)`
semantics. Perhaps it was done this way a long time ago when `pub(crate)`
wasn't a thing.
This change causes an `unreachable_pub` warning for `PlaintextSink`, so
make that `pub(crate)` too.
Some external users might be using these even though they probably shouldn't
be, so this is technically a breaking change.
2023-01-16 10:32:14 +01:00
Dirkjan Ochtman
e1731db6b7
Use Side in the bogo_shim option state
2023-01-15 16:27:26 +01:00
Dirkjan Ochtman
e4ac86f279
Make Side public and use it for quic::Keys::initial()
2023-01-15 16:27:26 +01:00
Dirkjan Ochtman
1d314aad44
quic: take Side argument instead of bool
2023-01-15 16:27:26 +01:00
Joseph Birr-Pixton
af65d961ee
Merge branch 'feat-ip-address' into main
2023-01-13 15:51:31 +00:00
Joseph Birr-Pixton
38e26f5755
Support IP address names in default verify_server_cert()
2023-01-13 15:43:30 +00:00
Joseph Birr-Pixton
d312391239
Move to rustls-webpki fork
2023-01-13 15:43:30 +00:00
Joseph Birr-Pixton
ad403b6677
Prepare for next rustls release
2023-01-13 15:43:30 +00:00
Dirkjan Ochtman
bdd1392a50
Switch from criterion to bencher
This has less rich output but doesn't have any dependencies, very
much unlike criterion (which was breaking our minimal versions check).
2023-01-13 12:11:26 +01:00