Session compression and SNI #223
@@ -19,6 +19,8 @@ module Network.TLS.Types | |||
import Data.ByteString (ByteString) | |||
import Data.Word | |||
|
|||
type HostName = String |
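Review bot: the added line "type HostName = String" in Network.TLS.Types has no Haddock comment, and as a plain alias it lets any String be passed where a host name is expected. Suggest documenting what the value holds and in what form (for example whether letter case is significant when two names are compared), and considering a newtype so the compiler can tell host names apart from other strings.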
I found the same code in multiple modules. I would like to remove the other definitions and let the modules import Types.
I guess that this redundancy is the reason why HostName is not highlighted in the HTML doc produced by haddock.
Yes I've seen it too and just replicated what already exists. But I can try to do better.
IIRC it's potentially more complex than it looks because x509 packages have this too.
If a type alias is to be exported, it could be from there and not tls.
The goal of this alias was to remember to do something sensible about this, not really expose it to the user. A real Hostname type is coming soon (couple of months away), and when that happens, I'm planning to move those types in tls and x509 to use it.
Then in the PR I'd rather keep this 5th local definition of a type alias for now and remove them all when a replacement is ready.
Does the Hostname plan include something for IDN support?
yes, we're still not quite there but the plan is to have punycode and full IDN
Other parts look good to me.
OK. Let's merge this PR as is.
Rebased and merged.
Adds new information into SessionData to fully implement resumption checks. SNI is especially important because it may have an influence on credentials and therefore ciphers.
In the new code I left SNI test case-sensitive. It makes the code simpler and should not cause any issue. I don't think a client will write the hostname differently the second time and still expect resumption.
After this PR it becomes possible to reorganize the ServerHello code so that the resumption case skips most of it. But this likely conflicts with any other server work.
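The resumption check described above, as an added example that is not code from this PR or from the tls package: `SessionInfo`, `Hello`, `canResume` and the sample values are hypothetical. It runs the case-sensitive SNI match next to a case-insensitive one; with the exact match, a differently cased name is refused resumption and the connection goes through a full handshake.

```haskell
-- Added illustration; SessionInfo, Hello and canResume are hypothetical
-- names, not the tls package's SessionData or its API.
module Main (main) where

import Data.Char (toLower)
import Data.Word (Word8, Word16)

type HostName = String

-- Parameters recorded when the full handshake completed.
data SessionInfo = SessionInfo
  { sessCipher      :: Word16          -- negotiated cipher suite id
  , sessCompression :: Word8           -- negotiated compression method id
  , sessSNI         :: Maybe HostName  -- server name the client asked for
  }

-- The parts of a resuming ClientHello that the check needs.
data Hello = Hello
  { helloCiphers      :: [Word16]
  , helloCompressions :: [Word8]
  , helloSNI          :: Maybe HostName
  }

-- Resume only if every stored parameter is still offered and the server
-- name is the same; otherwise the server falls back to a full handshake.
canResume :: (Maybe HostName -> Maybe HostName -> Bool) -> SessionInfo -> Hello -> Bool
canResume sameName s h =
     sessCipher s `elem` helloCiphers h
  && sessCompression s `elem` helloCompressions h
  && sameName (sessSNI s) (helloSNI h)

-- Exact match, the choice described in the PR text.
exactSNI :: Maybe HostName -> Maybe HostName -> Bool
exactSNI = (==)

-- ASCII case-insensitive variant, shown only for comparison.
caselessSNI :: Maybe HostName -> Maybe HostName -> Bool
caselessSNI a b = fmap (map toLower) a == fmap (map toLower) b

main :: IO ()
main = do
  -- Constructed sample values.
  let stored = SessionInfo 0xC02F 0 (Just "example.com")
      hello n = Hello [0xC02F, 0x009C] [0] n
  print (canResume exactSNI stored (hello (Just "example.com")))     -- same name
  print (canResume exactSNI stored (hello (Just "Example.COM")))     -- case differs
  print (canResume caselessSNI stored (hello (Just "Example.COM")))
  print (canResume exactSNI stored (hello (Just "other.example")))   -- other host
  print (canResume exactSNI stored (hello Nothing))                  -- SNI dropped
```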