rust/rustls
rust
/
rustls
mirror of https://github.com/ctz/rustls
1
0
Fork 0
Code Issues Releases Wiki Activity
1,966 Commits 47 Branches 71 Tags 34 MiB
Commit Graph

139 Commits

Author SHA1 Message Date
Dirkjan Ochtman 2682eb7446 client: add support for sending unsupported cipher suites 2023-02-02 12:21:31 +01:00
Joseph Birr-Pixton a1ee6d28ac Rework certificate errors 
rustls now has its own `CertificateError` type that aims to cover
most common errors with certificate validation.
 2023-01-25 12:24:25 +00:00
Joseph Birr-Pixton cfb0866793 Rename items in ClientSessionStore and improve docs 2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton 9fc1e8404c Plaster everything with cfg(feature = "tls12") 
Yeugh!
 2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton eb191d0cc4 Remove opaque StoresClientSessions interface 2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton 01b28318d5 Make StoresClientSessions transparent: sessions 
This is further code movement from the handshake code
that constructs session storage keys/values, into
the StoresClientSessions trait itself.

At this point the usage of StoresClientSessions by handshake code
is completely transparent as to what is being stored, and
the default trait functions map this down to the old opaque
interface.
 2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton ec650c99db Add QUIC params to persist::Tls13ClientSessionValue 
Prior to this, these parameters were being seperately appended
to the session value.  That meant Tls13ClientSessionValue was
misleading as a venue which owned the whole session value encoding.
 2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton 39a26cdd47 Remove string content from `PeerIncompatibleError` 
This also:

- corrects use of hs::incompatible for client certificate verification
  failure.
- moves sni varying across hello retries to be a PeerMisbehaved, since
  that is explicitly disallowed by the standard.
 2023-01-23 15:16:31 +00:00
Joseph Birr-Pixton 88ea3966b7 Remove string content from `PeerMisbehavedError` 2023-01-23 15:16:31 +00:00
Jacob Hoffman-Andrews 2854a0dbe2 Move some enums that are part of the public API. 
Move ProtocolVersion, CipherSuite, and SignatureScheme from src/msgs/enums.rs
to src/enums.rs
 2022-05-30 10:28:01 +02:00
Dirkjan Ochtman 86f4695c8c Use original handshake encoding for transcript hash 
Stores the parsed data for a handshake message payload alongside
the encoded version to avoid having to re-encode the message when
updating the transcript hash. Also avoids encoding outgoing handshake
message payloads twice.
 2022-05-12 20:46:16 +02:00
Brian Smith 8d76aa67a9 Style: Replace `ref payload` with more idiomatic uses. 
There are other places `ref` is used but I didn't change those.
 2022-01-23 23:31:06 +01:00
Brian Smith a39b34cfc7 Remove `check_message`. 2022-01-23 23:31:06 +01:00
Brian Smith d82858c3ed Avoid redundant `check_message` calls. 
A common pattern in the code is:
```
     check_message(...);
     match m.payload {
     }
```

The check_message call does its own pattern matching very much like what
is immediately done after. Avoid doing that redundant pattern matching.
 2022-01-23 23:31:06 +01:00
Dirkjan Ochtman be5b3972a0 tls12: inline downgrade marker handling 
Avoids duplicating the client/server state in the ConnectionRandoms,
which was unused if TLS 1.2 was disabled.
 2022-01-21 21:06:44 +01:00
Dirkjan Ochtman 3405c4fc77 Implement enum for client/server distinctions 2022-01-21 21:06:44 +01:00
Joseph Birr-Pixton 7aaffe6977 Clean up client extension construction 
- move unconditional extensions into vec construction
- make supported_versions unconditional: it was conditional because
  one with zero elements is illegal, but in fact it is a library
  invariant that at last one version is configured.
 2022-01-15 11:08:48 +00:00
Dirkjan Ochtman 21ab032595 Silence clippy false positive warning 2021-12-23 15:35:14 +01:00
Joseph Birr-Pixton ce72d46a62 Fix build for slew between PRs #880 and #873 2021-12-18 12:12:49 +00:00
Dirkjan Ochtman 37ba809755 Minimize state passed to process_alpn_protocol() 2021-12-18 11:57:54 +00:00
Benjamin Saunders cbeb2d76b2 Strict ALPN checking for QUIC 2021-12-17 20:31:57 +01:00
Dirkjan Ochtman e1a2955e04 Clean up warnings for TLS 1.3-only code 2021-11-13 16:27:34 +00:00
Dirkjan Ochtman ebde8319cc Don't reference ALL_CIPHER_SUITES from ClientSessionValue methods 
This will prevent link-time elimination of unused cipher suites.
The new approach also prevents double-parsing of the CipherSuite,
at the expense of moving Codec methods to inherent implementations.
 2021-11-13 16:27:34 +00:00
Dirkjan Ochtman cfbe36168f client: use inner enums to clarify session ticket types 
This seems like a more natural representation of the protocol in the type
system, mapping one extension type to one value.
 2021-09-18 21:21:56 +02:00
Dirkjan Ochtman d8b8834175 client: deduplicate state passed to 1.2 ClientHello handler 
It isn't obvious whether `tls12::CompleteServerHelloHandling::session_id` is the
ID from the ClientHello or the ServerHello message (it is the latter). Eliminate
the possibility for confusion by eliminating the field, since it is redundant
with `handle_server_hello()`'s `server_hello` parameter.
 2021-09-18 21:21:56 +02:00
Dirkjan Ochtman 2f90c1bf73 client: split client session values to separate version-specific fields 
This should make it more obvious what functionality is used by what
version, making it harder for sentinel/default values to get misused.
 2021-09-18 13:56:12 +02:00
Dirkjan Ochtman 6e9e0f8d37 Don't carry resuming session forward if version is different 2021-09-12 17:45:58 +02:00
Dirkjan Ochtman 524b894d10 client: don't attempt resumption if resuming and server session ID are empty 
Make it clear in the type system that TLS 1.3 cache values don't carry
a SessionID, in order to prevent sentinel-empty values from being compared.
 2021-09-12 17:45:58 +02:00
Jan Verbeek 5e9ccd4b5b Fix error message when the client disabled the server's TLS version 2021-08-08 20:09:38 +01:00
Dirkjan Ochtman a055bd3801 Use a single State trait across client/server 2021-08-08 14:53:16 +02:00
Dirkjan Ochtman 258fcf29c8 Split CommonState type out of ConnectionCommon 
This represents the state that state machine `State` implementers
can manipulate. As such, we want the lifetime of references to
`CommonState` to be outlived by the `ConnectionCommon`'s handshake
joiner and deframer.
 2021-08-08 14:53:16 +02:00
Dirkjan Ochtman 0f17531c6f client: move most client-related items into public client module 2021-07-31 14:23:36 +02:00
Dirkjan Ochtman b18cca6148 Move suite types and instances into respective version modules 2021-07-31 13:55:56 +02:00
Dirkjan Ochtman 5ce8ae605f Move key_schedule module into tls13 2021-07-31 13:55:56 +02:00
Dirkjan Ochtman f35a22f7a3 Make TLS 1.2 optional 2021-07-31 13:55:56 +02:00
Dirkjan Ochtman e9afee00de Flatten PKI error variants 2021-07-31 09:36:57 +01:00
Dirkjan Ochtman 9ff273d2c4 Remove remaining get_ prefixes from public API 2021-07-04 09:12:02 +01:00
Joseph Birr-Pixton 430c692f95 Privatise contents of rustls::Error::WebPkIError 2021-06-20 17:03:42 +01:00
Dirkjan Ochtman d38d7850c4 Fix needless borrowing 2021-06-18 14:24:42 +01:00
Dirkjan Ochtman ea03c97af4 Better represent random state in types 2021-06-18 06:54:10 +01:00
Dirkjan Ochtman c601719fb6 Require more precise visibility by denying unreachable_pub 2021-06-16 10:44:17 +02:00
Dirkjan Ochtman 5781abe374 Split transcript states into two different types 
This removes the unwrap() call and clarifies the different states.
 2021-06-06 10:12:28 +01:00
Dirkjan Ochtman b4d7708ad1 Split 1.2 and 1.3 cipher suites into separate types 2021-06-02 10:56:00 +01:00
Joseph Birr-Pixton 3defb7e46d Have a type for the client's name for the server 2021-05-30 11:21:41 +01:00
Brian Smith e83159d68d Client: Avoid `Arc::clone()` on the configuration. 
Avoid introducing any memory barrier through the cloning of the configuration
by avoiding the cloning.

Especially if the user doesn't need to use the config more more than one
connection, the internal clone is wasteful.
 2021-05-14 20:54:43 +02:00
Dirkjan Ochtman d6acb1e46a Thread config through handshake states 2021-05-14 20:54:43 +02:00
Joseph Birr-Pixton f87a8483c1 Unify builder interface for config items parts 2021-05-08 17:37:53 +01:00
Dirkjan Ochtman 2541d6679e client: move 1.3-specific ServerHello handling into tls13 2021-05-03 08:35:21 +01:00
Dirkjan Ochtman abf8af5b40 client: move 1.2-specific ServerHello handling into tls12 2021-05-03 08:35:21 +01:00
Brian Smith 8aeb87a3e6 Merge blocks for HelloRetryRequest group validation. 
The check is only unnecessary if/when we're changing the group.
 2021-05-02 14:23:19 +01:00