rebase: port Reality feature onto upstream rustls main #8
Closed
ibigbug wants to merge 1522 commits into
…alue::from_ticket()
This changes `Connection` into a trait rather than enum, and ensures that `ClientConnection` and `ServerConnection` impl it. This removes `ConnectionCommon` and `CommonState` derefs, and allows those types to become private. The `Deref` to `ConnectionOutputs` is maintained. This becomes important later, because the use of Deref commits us to using those parts for the internal representation of (eg) a `ClientConnection`. This comes with the pain that `use rustls::Connection` is needed for most users.
This withdraws:
- `wants_read()`: not useful, since the library is only used for handshaking.
- `wants_write()`: `write_hs` has a useful base case, and `wants_write()` was incorrect in relation to it anyway (did not inspect pending `hs_secrets` or `traffic_secrets`).
- `send_close_notify()`: this produces a TLS-level alert, which is illegal in QUIC.

None of these are used by Quinn.
This should be adequately covered by the fragmenter yielding zero chunks.
And hoist perhaps_write_key_update() out of loops.
In the case where SNI is disabled, `inner_sni` falls out of sync with `self.inner_name`. `inner_sni` is used to alter the inner hello's `server_name`, but `self.inner_name` was used as a basis for padding. This means padding would be added even if the extension wasn't, which ironically leaks the length of the inner name.
Bumps [openssl](https://github.com/rust-openssl/rust-openssl) from 0.10.78 to 0.10.79.
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.78...openssl-v0.10.79)

---
updated-dependencies:
- dependency-name: openssl
  dependency-version: 0.10.79
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Closing — branch was missing the actual Reality commits. Will redo properly.
Summary
Rebases the Watfaq Reality feature onto the latest upstream rustls `main`, replacing the old `utls-0.23` base (rustls 0.23.21 / webpki 0.102.8).

This supersedes PR #7 (webpki 0.103.13 bump) — by tracking upstream we get a much newer webpki and all security fixes for free going forward.

Changes
- `main` (~0.23.x → latest, webpki=0.104.0-alpha.7)
- `watfaq-rustls` (lib crate name stays `rustls` for doctest compatibility)
- `rustls/src/client/reality.rs`, hooks in `hs.rs`, `builder.rs`, `client_conn.rs`

Validation
- `cargo check -p watfaq-rustls --all-features` ✅
- `cargo check -p rustls-ring -p rustls-aws-lc-rs` ✅
- `cargo test -p watfaq-rustls --all-features` ✅

Next step

Once merged to `utls-0.23`, update the `rev` pin in `clash-rs/clash-lib/Cargo.toml` to point at the new commit.