Relax server_name extension validation #1881

Merged
merged 3 commits into from
Apr 2, 2024

@ctz ctz commented Mar 30, 2024

This PR makes us ignore the server_name ClientHello extension if it contains a literal IP address. We don't indicate support for the server_name extension if we ignored it, and it is not available via any API -- it is as if the client did not send the extension at all. Other illegal names continue to be rejected as before.

This is necessary to deal with non-compliant extension data sent by OpenSSL (openssl/openssl#20041) and Apple SecureTransport (#1878).
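A minimal sketch of the behaviour described above, added here as an illustration and not taken from the rustls code base: an IP literal in `server_name` is treated as if the extension were absent, while other illegal names are still rejected. The names `classify_server_name`, `Sni` and `SniError`, the single-entry framing and the simplified DNS-name check are assumptions of this example.

```rust
use std::net::IpAddr;

#[derive(Debug, PartialEq)]
enum Sni {
    HostName(String), // valid DNS name, usable for certificate selection
    Ignored,          // IP literal: act as if no server_name was sent
}

#[derive(Debug, PartialEq)]
enum SniError {
    Malformed,   // framing does not match a one-entry ServerNameList
    IllegalName, // neither an IP literal nor a valid DNS name
}

// Simplified DNS-name check for this example (not rustls's validator).
fn is_dns_name(s: &str) -> bool {
    !s.is_empty()
        && s.len() <= 253
        && s.split('.').all(|label| {
            (1..=63).contains(&label.len())
                && !label.starts_with('-')
                && !label.ends_with('-')
                && label.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-')
        })
}

// Extension body layout assumed here: u16 list length, u8 name_type (0 =
// host_name), u16 name length, name bytes; exactly one entry.
fn classify_server_name(body: &[u8]) -> Result<Sni, SniError> {
    if body.len() < 5 {
        return Err(SniError::Malformed);
    }
    let list_len = u16::from_be_bytes([body[0], body[1]]) as usize;
    let name_len = u16::from_be_bytes([body[3], body[4]]) as usize;
    if list_len != body.len() - 2 || body[2] != 0 || name_len != body.len() - 5 {
        return Err(SniError::Malformed);
    }
    let name = std::str::from_utf8(&body[5..]).map_err(|_| SniError::IllegalName)?;
    // The IP test must run first: "1.1.1.1" also looks like four valid labels.
    if name.parse::<IpAddr>().is_ok() {
        return Ok(Sni::Ignored);
    }
    if is_dns_name(name) {
        Ok(Sni::HostName(name.to_ascii_lowercase()))
    } else {
        Err(SniError::IllegalName)
    }
}

fn main() {
    // Constructed sample bodies: an IPv4 literal, a DNS name, an illegal name.
    let samples: [&[u8]; 3] = [
        b"\x00\x0a\x00\x00\x071.1.1.1",
        b"\x00\x0e\x00\x00\x0bexample.com",
        b"\x00\x08\x00\x00\x05a..b!",
    ];
    for body in samples {
        println!("{:?}", classify_server_name(body));
    }
}
```

A server built this way would omit `server_name` from its own hello whenever the result is `Sni::Ignored`, matching the "as if the client did not send the extension" behaviour in the PR description.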

rustls-benchmarking bot commented Mar 30, 2024

Benchmark results

Instruction counts

Significant differences

There are no significant instruction count differences

Wall-time

Significant differences

There are no significant wall-time differences

codecov bot commented Mar 30, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.48%. Comparing base (d8d438a) to head (413dc67).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1881      +/-   ##
==========================================
+ Coverage   95.47%   95.48%   +0.01%     
==========================================
  Files          86       86              
  Lines       18607    18624      +17     
==========================================
+ Hits        17765    17784      +19     
+ Misses        842      840       -2     

@cpu cpu left a comment

I'm sad we have to do this. The standards are very clear on this behaviour being wrong and fixing it should be trivial for the affected projects.... It's not something deep and nuanced 😮‍💨

Thanks for working up a patch.

djc commented Mar 30, 2024

Why is the reformatting necessary/not causing issues in CI?

ctz commented Mar 30, 2024

> Why is the reformatting necessary/not causing issues in CI?

Unfortunately rustfmt doesn't format the inside of {}-braced macros, and that covers most of this file :(

rustls/src/msgs/handshake.rs
Comment on lines 964 to 977

```rust
if let MessagePayload::Handshake { parsed, encoded } = &mut msg.payload {
    if let HandshakePayload::ClientHello(ch) = &mut parsed.payload {
        for mut ext in ch.extensions.iter_mut() {
            if let ClientExtension::ServerName(snr) = &mut ext {
                snr.clear();
                snr.push(
                    ServerNameExtensionItem::read_bytes(b"\x00\x00\x071.1.1.1").unwrap(),
                );
            }
        }
    }

    *encoded = Payload::new(parsed.get_encoding());
}
```

Consider linearizing this, maybe with let .. else?

ctz added 3 commits April 2, 2024 15:33
This works around quality-of-implementation issues in OpenSSL and
Apple SecureTransport: they send `server_name` extensions containing
IP addresses.  RFC6066 specifically disallows that.

It is a similar work-around to that adopted by LibreSSL: ignore
SNI contents if they can be parsed as an IP address.
@ctz ctz enabled auto-merge April 2, 2024 14:38
@ctz ctz added this pull request to the merge queue Apr 2, 2024
Merged via the queue into main with commit aff893f Apr 2, 2024
46 checks passed
@ctz ctz deleted the jbp-relax-sni-parsing branch April 2, 2024 15:01