Investigate if we can use quiche_conn_new_with_tls to interface with our SslContext implementation #97

Closed
normanmaurer opened this issue Dec 15, 2020 · 1 comment · Fixed by #141

Comments

@normanmaurer
Member

We should investigate if we can use quiche_conn_new_with_tls and so add some "tighter" integration with what we already have in netty.
https://github.com/cloudflare/quiche/blob/master/include/quiche.h#L235

Doing so we may be able to reuse some logic that we have to hook in TrustManagerFactory / KeyManagerFactory etc.

One downside with this would be that we need to be careful to use the same BoringSSL version all the time and so we need to match netty-incubator-codec-quic versions with netty-tcnative-boringssl-static versions. That said it may still be worthwhile to do.

Some other related links:

https://github.com/jiegec/nginx-http3/blob/1dd466ea6f534e58beab221409b1662754c45305/src/event/ngx_event_quic.c
https://github.com/cloudflare/quiche/blob/master/src/lib.rs#L1198

@normanmaurer
Member Author

Making good progress here... That said, I did go a bit of a different route and implemented stuff directly here with BoringSSL. This also makes the deployment story better. Should have a PR up very shortly.

normanmaurer added a commit to netty/netty that referenced this issue Jan 20, 2021
…ext implementations

Motivation:

We should expose some methods as protected to make it easier to write custom SslContext implementations.
This will be reused by the code for netty/netty-incubator-codec-quic#97

Modifications:

- Add protected to some static methods which are useful for sub-classes
- Remove some unused methods
- Move *Wrapper classes to util package and make these public

Result:

Easier to write custom SslContext implementations
normanmaurer added a commit that referenced this issue Jan 21, 2021
Motivation:

People often want to use their own custom key material selection / certificate validation. This was not possible as all of this was handled internally by quiche.

Modification:

- Allow to implement custom key material selection
- Allow to implement custom certificate validation
- Port over some code from netty-tcnative / netty
- Use our own vendored boringssl libraries when compiling

Result:

Fixes #97
normanmaurer added a commit to netty/netty that referenced this issue Jan 21, 2021
…ext implementations (#10953)

Motivation:

We should expose some methods as protected to make it easier to write custom SslContext implementations.
This will be reused by the code for netty/netty-incubator-codec-quic#97

Modifications:

- Add protected to some static methods which are useful for sub-classes
- Remove some unused methods
- Move *Wrapper classes to util package and make these public

Result:

Easier to write custom SslContext implementations