Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encrypted SNI #155

Merged
merged 35 commits into from
Dec 20, 2018
Merged

Encrypted SNI #155

merged 35 commits into from
Dec 20, 2018

Conversation

kazuho
Copy link
Member

@kazuho kazuho commented Jul 6, 2018
edited
Loading

implements https://datatracker.ietf.org/doc/draft-rescorla-tls-esni/

ToDo:

  • refactor the API related to private keys
    • ptls_parse_esni should accept a callback that is used to load the private key (which could return an ptls_key_exchange_context_t * encapsulating a private key protected by neverbleed)
  • add tests

@kazuho
extend the key-exchange API
22349de 
* add pointer from context to algo
* allow reuse (adds `release` flag to `on_exchange`)
* add `load`, `save` callbacks
* add `data` for simplification (internal ID passing)
@kazuho
_XOPEN_SOURCE should only be set on linux (otherwise cannot build cod…
11250be 
…e that uses libresolv on macOS)
@kazuho
it works!
2065107
@kazuho
sscanf should use SCN not PRI
499a8ae
@kazuho
set _GNU_SOURCE on linux to use getaddrinfo and libresolv at the sa…
9a80f72 
…me time
@kazuho
record if ESNI was used
4f699f8
Lekensteyn
Lekensteyn reviewed Jul 16, 2018
View reviewed changes
src/esni.c Outdated Show resolved Hide resolved
Lekensteyn
Lekensteyn reviewed Jul 16, 2018
View reviewed changes
t/cli.c Show resolved Hide resolved
This was referenced Oct 24, 2018
Open
Closed
@kazuho kazuho added this to the post-ietf-103 milestone Nov 3, 2018
@kazuho
rename server-side context to "esni_context"
68f2531
@kazuho
retain esni_keys as part of the context
3caddbd
@kazuho
[refactor] retain ESNI private key outside of picotls
aee1976 
* Now, private key can be managed outside of the memory space.
* Added API to convert EVP_PKEY to ptls-openssl key exchange.
* Commands receive filenames of ESNI private keys as options.
* picotls-esni command emits just the raw ESNIKeys.

The commit reverts previous changes to the key-exchange API that
added the load and save interfaces.
@kazuho
Merge branch 'master' into kazuho/esni
583b6e2
@kazuho
fix incorrect value
8e36e85
@kazuho
add x25519 support for ESNI
2486aa1
@kazuho
--help fix
52b7552
@kazuho
add tests
2841a21
@kazuho kazuho changed the title [wip] Encrypted SNI Encrypted SNI Dec 17, 2018
@kazuho
Copy link
Member Author

kazuho commented Dec 17, 2018

The PR is ready, will soon be merged to master.

@kazuho kazuho merged commit d240c4f into master Dec 20, 2018
This was referenced Jan 28, 2019
Merged
Merged
@Lekensteyn Lekensteyn mentioned this pull request Apr 3, 2019
Open
@HLFH HLFH mentioned this pull request Aug 17, 2019
Open
@Gunni Gunni mentioned this pull request Jun 25, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Lekensteyn Lekensteyn Lekensteyn left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
post-ietf-103
Development

Successfully merging this pull request may close these issues.
3 participants
@kazuho @Lekensteyn @ekr