v0.22.1 preparation #1677
v0.22.1 preparation #1677
Conversation
if for some reason the recorded session ticket is invalid or decoded incorrectly by the server, we can get into a case where the resumption handshake happens, and right after the ChangeCipherSpec message, the server sends an encrypted handhsake message using the invalid ticket, and the client rejects it with the BadRecordMAC alert. Unfortunately, if the calling code retries the connection, if it will try again with the same ticket and obtain the same result. This commit makes sure that if we fail to decrypt the first message, we will remove the session ticket for this server, to start from cratch on the next connection.
|
As mentioned in #1665, I think we should bring that in even though it is technically semver-incompatible. Also I don't think #1595 is semver-incompatible (just looked it over, I think there was also a comment from @ctz stating it only made incompatible changes to the |
Oops, missed that comment. I'll pull that in.
Right again. I'll add it to the branch 👍 |
Without the context of RFC 8446 in your mind the use of the `ProtocolVersion::TLSv1_2` constant in the TLS 1.3 `MessageEncrypter` implementations appears like an oversight or copy/paste error. This commit adds a brief explanatory comment.
|
I've updated the branch to bring in the quic trait and message deframer changes. The PR description and proposed release notes are updated as well. |
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## rel-0.22 #1677 +/- ##
==========================================
Coverage 95.90% 95.90%
==========================================
Files 78 78
Lines 16083 16211 +128
==========================================
+ Hits 15424 15547 +123
- Misses 659 664 +5 ☔ View full report in Codecov by Sentry. |
There are a couple other changes absent from this branch (enumerated in the PR desc): The provider example |
|
#1668 might be a good candidate for a 0.21.x release too. WDYT? |
|
I think we should limit 0.21.x to bugfixes only, which #1668 doesn't qualify as? |
|
It smells like a bug to me (a client getting stuck in a retry loop), but I don't feel strongly and if nobody is asking for it I'm happy to skip the extra work. |
|
Uh, sorry, I was confused. But you already have #1668 in your list of things that you included in the PR description? |
Right, for this 0.22.1 release. I'm suggesting it might make sense to also create a separate backport branch with just that PR for a 0.21.10 bugfix release. Does that make sense? |
|
Uggh, my brain is a bit fried I guess. Yeah, I think that makes sense. |
|
We now re-export the rustls-pki-types crate. I think that means our preferred way for crates to consume pki-types is through the re-exports.
Added. PR desc and proposed release notes updated. |
|
Description
This branch targets the
rel-0.22feature branch, which was created at commit e051f5c - the last semver compatible update tomainafter the0.22release.It brings in the following PRs since then:
MessageDeframer: batch discard operations #1595It skips these PRs from main that I believe are semver incompatible:
provider-examplelibrary no-std compatible (almost) #1636SupportedProtocolVersionas non-exhaustive #1673Proposed Release Notes
rustls_pki_typescrate is now re-exported asrustls::pki_types.rustls::pki_typesre-export.quic::PacketKeyandquic::HeaderProtectionKeytraits are nowSend + Sync.MessageDeframerinternals.