Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't add empty certificate_authorities extension #1729

Merged
merged 2 commits into from
Jan 5, 2024
Merged

Don't add empty certificate_authorities extension #1729

merged 2 commits into from
Jan 5, 2024

Conversation

ctz
Copy link
Member

@ctz ctz commented Jan 5, 2024

There's already a test case for this and the API-level behaviour is unchanged.

fixes #1727

@codecov Codecov
Copy link

codecov bot commented Jan 5, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (b3913a5) 96.16% compared to head (2dad93c) 96.16%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1729      +/-   ##
==========================================
- Coverage   96.16%   96.16%   -0.01%     
==========================================
  Files          80       80              
  Lines       17345    17342       -3     
==========================================
- Hits        16680    16677       -3     
  Misses        665      665

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@rustls-benchmarking Rustls Benchmarking
Copy link

rustls-benchmarking bot commented Jan 5, 2024
edited
Loading

Benchmark results

Instruction counts

Significant differences

There are no significant instruction count differences

Other differences

Click to expand
Scenario Baseline Candidate Diff Threshold
handshake_tickets_aws_lc_rs_1.2_rsa_aes_server 4667727 4639818 -27909 (-0.60%) 3.23%
handshake_session_id_aws_lc_rs_1.2_rsa_aes_server 4130861 4145849 14988 (0.36%) 4.27%
handshake_session_id_aws_lc_rs_1.3_rsa_aes_server 33370613 33288444 -82169 (-0.25%) 0.46%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes_server 12685223 12712575 27352 (0.22%) 0.84%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha_server 12755111 12730165 -24946 (-0.20%) 1.26%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha_server 33247647 33302772 55125 (0.17%) 0.66%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes_client 8720630 8733212 12582 (0.14%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes_client 3390812 3393617 2805 (0.08%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes_server 57156897 57117453 -39444 (-0.07%) 0.32%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_client 8720913 8715068 -5845 (-0.07%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha_client 31171547 31152209 -19338 (-0.06%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha_server 91302244 91355724 53480 (0.06%) 0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha_server 33548954 33529880 -19074 (-0.06%) 0.98%
handshake_no_resume_ring_1.3_ecdsap256_aes_client 3897984 3895819 -2165 (-0.06%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_client 3394525 3395724 1199 (0.04%) 0.20%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes_server 57109650 57128267 18617 (0.03%) 0.43%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes_client 57941647 57927905 -13742 (-0.02%) 0.20%
handshake_no_resume_ring_1.3_ecdsap256_aes_server 2129939 2130422 483 (0.02%) 0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_aes_server 33634147 33628213 -5934 (-0.02%) 0.49%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes_server 2047314 2047634 320 (0.02%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha_client 30981292 30976470 -4822 (-0.02%) 0.20%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes_server 12318231 12316368 -1863 (-0.02%) 0.70%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes_client 31157259 31152613 -4646 (-0.01%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_client 92425802 92413715 -12087 (-0.01%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha_client 31149530 31146030 -3500 (-0.01%) 0.20%
handshake_no_resume_ring_1.3_ecdsap256_chacha_server 2130552 2130326 -226 (-0.01%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_server 2050959 2050752 -207 (-0.01%) 0.20%
handshake_no_resume_ring_1.3_rsa_chacha_client 4548983 4549423 440 (0.01%) 0.20%
handshake_session_id_ring_1.3_ecdsap256_aes_client 42067469 42071535 4066 (0.01%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes_client 30974612 30972277 -2335 (-0.01%) 0.20%
handshake_tickets_ring_1.3_ecdsap256_aes_client 42233305 42235865 2560 (0.01%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha_client 92462087 92467410 5323 (0.01%) 0.20%
handshake_session_id_ring_1.2_rsa_aes_server 4417743 4417977 234 (0.01%) 0.20%
transfer_no_resume_ring_1.3_ecdsap256_aes_server 57088689 57086115 -2574 (-0.00%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes_client 30967854 30969195 1341 (0.00%) 0.20%
handshake_tickets_aws_lc_rs_1.2_rsa_aes_client 4525460 4525266 -194 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap256_aes_client 57947605 57949747 2142 (0.00%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha_client 30955324 30954190 -1134 (-0.00%) 0.20%
handshake_no_resume_ring_1.3_rsa_aes_server 12241765 12242205 440 (0.00%) 0.20%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes_client 3173847 3173734 -113 (-0.00%) 0.20%
handshake_session_id_aws_lc_rs_1.2_rsa_aes_client 4167040 4167159 119 (0.00%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes_client 3377791 3377887 96 (0.00%) 0.20%
handshake_no_resume_ring_1.3_ecdsap256_chacha_client 3898174 3898074 -100 (-0.00%) 0.20%
handshake_no_resume_ring_1.2_rsa_aes_client 4442077 4441964 -113 (-0.00%) 0.20%
handshake_tickets_ring_1.2_rsa_aes_server 4864316 4864196 -120 (-0.00%) 0.20%
handshake_no_resume_ring_1.3_ecdsap384_aes_server 13738368 13738031 -337 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap256_chacha_server 91255671 91253519 -2152 (-0.00%) 0.20%
handshake_no_resume_ring_1.3_rsa_aes_client 4539048 4539143 95 (0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap256_chacha_client 92387033 92385210 -1823 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_rsa_chacha_client 92385733 92384078 -1655 (-0.00%) 0.20%
handshake_tickets_ring_1.3_ecdsap384_aes_client 42232250 42232983 733 (0.00%) 0.20%
handshake_tickets_ring_1.3_ecdsap384_aes_server 43951830 43952588 758 (0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_client 92439791 92438218 -1573 (-0.00%) 0.20%
handshake_tickets_ring_1.3_rsa_chacha_client 42390013 42389376 -637 (-0.00%) 0.20%
handshake_session_id_ring_1.3_rsa_chacha_client 42202559 42201950 -609 (-0.00%) 0.20%
handshake_session_id_ring_1.3_ecdsap256_aes_server 43696568 43695953 -615 (-0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes_client 57973673 57972872 -801 (-0.00%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes_server 33316191 33315758 -433 (-0.00%) 0.20%
handshake_no_resume_ring_1.3_ecdsap384_chacha_server 13741741 13741564 -177 (-0.00%) 0.20%
handshake_tickets_ring_1.2_rsa_aes_client 4720060 4720118 58 (0.00%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha_server 33587995 33587602 -393 (-0.00%) 0.20%
handshake_session_id_ring_1.3_rsa_aes_client 42249465 42248993 -472 (-0.00%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes_server 33590418 33590058 -360 (-0.00%) 0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha_client 31345415 31345081 -334 (-0.00%) 0.20%
handshake_no_resume_ring_1.3_ecdsap384_aes_client 35453039 35452675 -364 (-0.00%) 0.20%
handshake_session_id_ring_1.2_rsa_aes_client 4455048 4455003 -45 (-0.00%) 0.20%
handshake_tickets_ring_1.3_rsa_aes_server 44000223 43999801 -422 (-0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes_server 57178639 57178114 -525 (-0.00%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha_client 3389055 3389086 31 (0.00%) 0.20%
handshake_session_id_ring_1.3_rsa_aes_server 43693831 43693443 -388 (-0.00%) 0.20%
handshake_tickets_ring_1.3_ecdsap384_chacha_client 42197988 42197622 -366 (-0.00%) 0.20%
handshake_tickets_ring_1.3_ecdsap256_aes_server 43960545 43960192 -353 (-0.00%) 0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_aes_client 31357706 31357472 -234 (-0.00%) 0.20%
handshake_tickets_ring_1.3_ecdsap384_chacha_server 43912176 43912492 316 (0.00%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha_server 33289299 33289062 -237 (-0.00%) 0.20%
handshake_tickets_ring_1.3_ecdsap256_chacha_client 42198252 42198544 292 (0.00%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes_server 4851484 4851454 -30 (-0.00%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes_server 33319944 33319764 -180 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_rsa_aes_server 57083538 57083230 -308 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_rsa_aes_client 57943958 57944268 310 (0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap384_aes_server 57083187 57083489 302 (0.00%) 0.20%
handshake_tickets_ring_1.3_rsa_aes_client 42425073 42424852 -221 (-0.00%) 0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha_client 31153391 31153241 -150 (-0.00%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_server 4856112 4856135 23 (0.00%) 0.20%
handshake_session_id_ring_1.3_ecdsap256_chacha_server 43630485 43630679 194 (0.00%) 0.20%
handshake_tickets_ring_1.3_ecdsap256_chacha_server 43922981 43922797 -184 (-0.00%) 0.20%
handshake_session_id_ring_1.3_ecdsap384_chacha_server 43634016 43633835 -181 (-0.00%) 0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_aes_client 31172088 31171969 -119 (-0.00%) 0.20%
handshake_session_id_ring_1.3_ecdsap384_aes_client 42067060 42066903 -157 (-0.00%) 0.20%
handshake_no_resume_ring_1.3_ecdsap384_chacha_client 35455902 35456011 109 (0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap384_chacha_client 92384866 92385140 274 (0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_server 91368279 91368527 248 (0.00%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha_server 33572243 33572330 87 (0.00%) 0.20%
handshake_session_id_ring_1.3_ecdsap384_chacha_client 42020373 42020271 -102 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap384_aes_client 57949708 57949844 136 (0.00%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha_server 33307689 33307624 -65 (-0.00%) 0.20%
handshake_session_id_ring_1.3_ecdsap256_chacha_client 42022756 42022677 -79 (-0.00%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes_server 33611944 33612005 61 (0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes_client 57974596 57974492 -104 (-0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes_server 57178959 57178864 -95 (-0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes_client 68451442 68451539 97 (0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_server 91347891 91347781 -110 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap384_chacha_server 91247915 91248021 106 (0.00%) 0.20%
transfer_no_resume_ring_1.3_rsa_chacha_server 91247841 91247936 95 (0.00%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes_client 31146659 31146636 -23 (-0.00%) 0.20%
handshake_no_resume_ring_1.3_rsa_chacha_server 12251965 12251956 -9 (-0.00%) 0.20%
handshake_tickets_ring_1.3_rsa_chacha_server 43960298 43960328 30 (0.00%) 0.20%
handshake_session_id_ring_1.3_rsa_chacha_server 43627656 43627632 -24 (-0.00%) 0.20%
handshake_no_resume_ring_1.2_rsa_aes_server 12046932 12046926 -6 (-0.00%) 0.20%
handshake_session_id_ring_1.3_ecdsap384_aes_server 43699489 43699482 -7 (-0.00%) 0.20%
transfer_no_resume_ring_1.2_rsa_aes_client 57833597 57833588 -9 (-0.00%) 0.20%
transfer_no_resume_ring_1.2_rsa_aes_server 56953888 56953893 5 (0.00%) 0.20%

Wall-time

Significant differences

⚠️ There are significant wall-time differences

Click to expand
Scenario Baseline Candidate Diff Threshold
handshake_session_id_ring_1.3_rsa_aes 7.51 ms 7.59 ms ⚠️ 0.08 ms (1.07%) 1.00%

Other differences

Click to expand
Scenario Baseline Candidate Diff Threshold
handshake_session_id_ring_1.3_ecdsap256_chacha 6.84 ms 6.93 ms 0.09 ms (1.28%) 5.00%
handshake_tickets_ring_1.3_ecdsap256_chacha 6.84 ms 6.93 ms 0.09 ms (1.26%) 5.00%
handshake_session_id_ring_1.3_ecdsap256_aes 6.87 ms 6.95 ms 0.08 ms (1.21%) 5.00%
handshake_session_id_ring_1.3_ecdsap384_chacha 9.94 ms 10.05 ms 0.12 ms (1.18%) 5.00%
handshake_tickets_ring_1.3_ecdsap384_chacha 9.95 ms 10.06 ms 0.11 ms (1.10%) 5.00%
handshake_session_id_ring_1.3_ecdsap384_aes 9.97 ms 10.08 ms 0.11 ms (1.08%) 5.00%
handshake_session_id_ring_1.3_rsa_chacha 7.47 ms 7.55 ms 0.08 ms (1.07%) 1.35%
handshake_tickets_ring_1.3_rsa_chacha 7.49 ms 7.56 ms 0.08 ms (1.05%) 1.58%
handshake_tickets_ring_1.3_ecdsap256_aes 6.88 ms 6.96 ms 0.07 ms (1.04%) 5.00%
handshake_tickets_ring_1.3_ecdsap384_aes 9.99 ms 10.09 ms 0.10 ms (1.04%) 5.00%
handshake_no_resume_ring_1.3_ecdsap384_chacha 3.61 ms 3.65 ms 0.04 ms (0.99%) 5.00%
handshake_no_resume_ring_1.3_ecdsap256_chacha 501.63 µs 506.45 µs 4.82 µs (0.96%) 5.00%
handshake_no_resume_ring_1.3_ecdsap384_aes 3.61 ms 3.64 ms 0.03 ms (0.95%) 5.00%
handshake_no_resume_ring_1.3_ecdsap256_aes 502.71 µs 507.42 µs 4.71 µs (0.94%) 5.00%
handshake_tickets_ring_1.3_rsa_aes 7.52 ms 7.59 ms 0.07 ms (0.87%) 1.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha 481.63 µs 484.62 µs 2.99 µs (0.62%) 5.00%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes 481.91 µs 484.83 µs 2.92 µs (0.60%) 5.00%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes 4.88 ms 4.90 ms 0.02 ms (0.50%) 5.00%
handshake_tickets_aws_lc_rs_1.2_rsa_aes 2.25 ms 2.26 ms 0.01 ms (0.49%) 2.21%
handshake_session_id_ring_1.2_rsa_aes 1.71 ms 1.71 ms -0.01 ms (-0.45%) 2.18%
transfer_no_resume_ring_1.3_ecdsap384_aes 9.75 ms 9.80 ms 0.04 ms (0.42%) 5.00%
transfer_no_resume_ring_1.2_rsa_aes 7.15 ms 7.18 ms 0.03 ms (0.41%) 3.98%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes 5.63 ms 5.65 ms 0.02 ms (0.39%) 5.00%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes 5.81 ms 5.83 ms 0.02 ms (0.37%) 4.63%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha 5.39 ms 5.41 ms 0.02 ms (0.35%) 5.00%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes 6.16 ms 6.18 ms 0.02 ms (0.35%) 5.00%
transfer_no_resume_ring_1.3_ecdsap384_chacha 16.45 ms 16.50 ms 0.05 ms (0.33%) 5.00%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes 5.37 ms 5.39 ms 0.02 ms (0.33%) 5.00%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha 1.39 ms 1.40 ms 0.00 ms (0.32%) 1.17%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes 6.12 ms 6.14 ms 0.02 ms (0.32%) 5.00%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha 6.38 ms 6.40 ms 0.02 ms (0.31%) 1.00%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes 5.81 ms 5.82 ms 0.02 ms (0.31%) 5.68%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes 5.41 ms 5.42 ms 0.02 ms (0.31%) 5.00%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha 1.22 ms 1.22 ms 0.00 ms (0.29%) 5.00%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes 1.40 ms 1.41 ms 0.00 ms (0.27%) 1.04%
handshake_no_resume_ring_1.3_rsa_chacha 1.08 ms 1.09 ms 0.00 ms (0.26%) 1.49%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha 6.14 ms 6.15 ms 0.02 ms (0.26%) 5.00%
handshake_tickets_aws_lc_rs_1.3_rsa_aes 6.39 ms 6.41 ms 0.02 ms (0.25%) 1.08%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha 5.38 ms 5.39 ms 0.01 ms (0.23%) 5.00%
handshake_session_id_aws_lc_rs_1.2_rsa_aes 2.08 ms 2.08 ms 0.00 ms (0.23%) 1.61%
handshake_session_id_aws_lc_rs_1.3_rsa_aes 6.36 ms 6.37 ms 0.01 ms (0.21%) 1.25%
transfer_no_resume_ring_1.3_ecdsap256_aes 6.65 ms 6.66 ms 0.01 ms (0.21%) 5.00%
handshake_tickets_ring_1.2_rsa_aes 1.80 ms 1.80 ms -0.00 ms (-0.21%) 1.97%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha 13.34 ms 13.37 ms 0.02 ms (0.18%) 5.00%
transfer_no_resume_ring_1.3_ecdsap256_chacha 13.35 ms 13.37 ms 0.02 ms (0.17%) 5.00%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha 14.28 ms 14.30 ms 0.02 ms (0.17%) 2.30%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha 6.11 ms 6.12 ms 0.01 ms (0.16%) 5.00%
transfer_no_resume_ring_1.3_rsa_chacha 13.94 ms 13.96 ms 0.02 ms (0.15%) 2.36%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes 1.35 ms 1.35 ms 0.00 ms (0.14%) 1.00%
handshake_no_resume_ring_1.3_rsa_aes 1.08 ms 1.08 ms 0.00 ms (0.13%) 1.52%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha 6.35 ms 6.36 ms 0.01 ms (0.11%) 1.03%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha 14.09 ms 14.11 ms 0.02 ms (0.11%) 5.00%
handshake_no_resume_ring_1.2_rsa_aes 1.07 ms 1.07 ms 0.00 ms (0.10%) 1.74%
transfer_no_resume_ring_1.3_rsa_aes 7.23 ms 7.24 ms 0.01 ms (0.09%) 4.21%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes 1.23 ms 1.23 ms 0.00 ms (0.09%) 5.00%

Additional information

Historical results

Checkout details:

@djc
Copy link
Member

djc commented Jan 5, 2024

If there is already a test case, how come it didn't fail? It must not be a good test case for this particular failure mode?

@ctz
Copy link
Member Author

ctz commented Jan 5, 2024

The existing test case is client_cert_resolve_server_no_hints, and checks that a client sees empty hints when a server is configured to provide that. The difference between an absent and empty extension is collapsed here in the client:

rustls/rustls/src/client/common.rs

Lines 75 to 76 in b3913a5

let acceptable_issuers = canames
.unwrap_or_default()
which is why the API-level behaviour is unchanged, even if our protocol behaviour is different.

With that said, I just took a second look, and:

  • there's a bogo test for this (looks like boringssl also made the same mistake we did), though we don't have support for it in bogo_shim
  • adding support (on main) gives:
FAILED (TLS13-Empty-Client-CA-List)
unexpected failure: local error 'tls: expected no certificate_authorities extension', child error 'none', stdout:
  • it passes after this change

@djc
Copy link
Member

djc commented Jan 5, 2024

Okay, nice. Why don't we support that in the bogo shim? Would it be hard to add support?

@ctz
bogo: enable TLS13-Empty-Client-CA-List test
2dad93c 
This acts as a regression test for the previous commit.  This also enables:

- TLS12-Server-CertReq-CA-List
- TLS13-Server-CertReq-CA-List
- Null-Client-CA-List
@ctz ctz force-pushed the jbp-omit-empty-certificate-authorities-extension branch from c990b62 to 2dad93c Compare January 5, 2024 13:46
cpu
cpu approved these changes Jan 5, 2024
View reviewed changes
Copy link
Member

@cpu cpu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you. This looks good to me 👍

I feel like we should backport this to 0.22, do you agree? If so, maybe we should pick up #1706 while we're at it?

@ctz ctz added this pull request to the merge queue Jan 5, 2024
Merged via the queue into main with commit a3cc0bc Jan 5, 2024
42 checks passed
@ctz ctz deleted the jbp-omit-empty-certificate-authorities-extension branch January 5, 2024 16:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djc djc djc approved these changes

@cpu cpu cpu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

About empty root hints list in "certificate_authorities" extension
3 participants
@ctz @djc @cpu