Session compression and SNI #223
Conversation
| @@ -19,6 +19,8 @@ module Network.TLS.Types | |||
| import Data.ByteString (ByteString) | |||
| import Data.Word | |||
|
|
|||
| type HostName = String | |||
There was a problem hiding this comment.
I found the same code in multiple modules. I would like to remove the other definitions and let the modules import Types.
I guess that this redundancy is the reason why HostName is not highlighted in the HTML doc produced by haddock.
There was a problem hiding this comment.
Yes I've seen it too and just replicated what already exists. But I can try to do better.
IIRC it's potentially more complex that it looks because x509 packages have this too.
If a type alias is to be exported, it could be from there and not tls.
There was a problem hiding this comment.
the goal of this alias was to remember to do something sensible about this, not really expose it to the user. A real Hostname type is coming soon (couple of months away), and when that happens, I'm planning to move those types in tls and x509 to use it.
There was a problem hiding this comment.
Then in the PR I'd rather keep this 5th local definition of a type alias for now and remove them all when a remplacement is ready.
Does the Hostname plan include something for IDN support?
There was a problem hiding this comment.
yes, we're still not quite there but the plan is to have punycode and full IDN
|
Other parts look good to me. |
|
Rebased and merged. |
Adds new information into SessionData to fully implements resumption checks. SNI is especially important because it may have an influence on credentials and therefore ciphers.
In the new code I left SNI test case-sensitive. It makes the code simpler and should not cause any issue. I don't think a client will write the hostname differently the second time and still expect resumption.
After this PR it becomes possible to reorganize the ServerHello code so that the resumption case skips most of it. But this likely conflicts with any other server work.