
Add openssl support in transport module with some enhancement and bug fix #4

Closed
wants to merge 5 commits into from

Conversation

csyJoy
Contributor

@csyJoy csyJoy commented Sep 26, 2024

This PR contains three things:

  1. Fix bug in AutoEvidence which causes incomplete TEE detection.
  2. Add TLS support using openssl in transport module.
  3. Create x509 certificate manually to pass openssl cert pre-verification.
  4. Add TLS echo client and echo server example.

…m dice

Only return Err after attempting all TEEs
feat(tls): add openssl transport module (WIP)

1. apply Builder pattern while constructing TLS Client and Server.
2. implement `send` `shutdown` `receive` interface for TLS Client and Server.
3. implement `negotiation` interface for TLS Client and Server with default openssl verify callback.

TODO:
1. (maybe) use typestate pattern to statically protect Client and Server building procedure.
2. support openssl error handling.
3. corner case check before calling bindgen openssl api.
4. unit test for Client and Server function.

fix(tls-client): use `OPENSSL_EX_DATA_IDX` define in `mod.rs`

fix(tls-init): add custom init function with missing options for the `init` function in `openssl-sys`

feat(tls): use a more generic way to handle stream

Add GetFd trait, replace TcpStream with trait object impl GetFd

fix(tls): fix some bugs that cause Rust borrow checker errors and FFI call errors

feat(tls): replace raw option number with bitflag

feat(tls): support P256

test(tls): add some unit tests

1. openssl init
2. use private key
3. use cert

fix(tls-client): fix incorrect SSL function call

feat(tls-init): only init once `ossl_init` by `sync::once`

fix(tls): implement default openssl verify callback correctly using rats-rs APIs

use `CertVerifier` to verify cert instead of implementing it manually

refactor(tls): code refactor (see full log)

1. expose some functions to pub or pub(crate)
2. refactor code in a more rust way
3. remove unused code
4. implement `with_tcp_steam` as its name implies
5. merge imports

feat(tls): support mutual client server

test(tls): remove duplicated init
…ication

The only difference between the current certificate content and the previously generated Root certificate content is the addition of Certificate Sign to the KeyUsage Extension.
TODO:
1. mutual client and server
2. more command options

feat(tls-example): add `attest_self` and `verify_peer` in tls example
1. add comment to `ossl_init` referring to rats-tls repository
2. inline `init` method of `Client` and `Server` to each Builder's method, remove unused Option
3. remove `Arc<Mutex<Cell<>>` wrapper for openssl CRYPTO index since it never changes after initialized
4. move `GetFdDumpImpl` to test module as a stream mock
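The commits above describe a design rather than show it: a one-time `ossl_init` guarded by `sync::Once`, a `GetFd` trait so the TLS layer holds a trait object instead of a concrete `TcpStream`, a Builder for Client and Server with `verify_peer` / `attest_self` options, and a `GetFdDumpImpl` mock used in tests. The block below is an added illustration of that shape in plain Rust and is not code from this PR or from rats-rs; the type and method names (`TlsBuilder`, `TlsEndpoint`, `Role`, `with_stream`, `build`) are assumptions, and the FFI call inside `ossl_init` is replaced by a counter so the example runs without `openssl-sys`. Once-guarded initialisation matters for a security library because double initialisation of OpenSSL can clobber options set by the first caller, and the builder's `build` step is where a missing or invalid stream is rejected before any FFI call sees it.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Once;

/// Assumed stand-in for a raw file descriptor (kept as a plain i32 so the
/// example compiles on any platform).
pub type RawFd = i32;

static OSSL_INIT: Once = Once::new();
static INIT_CALLS: AtomicUsize = AtomicUsize::new(0);

/// One-time library initialisation. Real code would call into openssl-sys
/// here; this example only counts how often the guarded body actually runs.
pub fn ossl_init() {
    OSSL_INIT.call_once(|| {
        INIT_CALLS.fetch_add(1, Ordering::SeqCst);
    });
}

/// Number of times the guarded init body ran (expected: at most 1).
pub fn init_call_count() -> usize {
    INIT_CALLS.load(Ordering::SeqCst)
}

/// Anything that can hand the TLS layer a file descriptor. Abstracting over
/// this lets the same TLS code wrap a TcpStream or a test mock.
pub trait GetFd {
    fn get_fd(&self) -> RawFd;
}

#[cfg(unix)]
impl GetFd for std::net::TcpStream {
    fn get_fd(&self) -> RawFd {
        use std::os::unix::io::AsRawFd;
        self.as_raw_fd()
    }
}

/// Test mock (constructed for this example): reports a fixed descriptor.
pub struct GetFdDumpImpl(pub RawFd);

impl GetFd for GetFdDumpImpl {
    fn get_fd(&self) -> RawFd {
        self.0
    }
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Role {
    Client,
    Server,
}

/// A built endpoint: role, stream (as a trait object) and attestation options.
pub struct TlsEndpoint {
    role: Role,
    stream: Box<dyn GetFd>,
    verify_peer: bool,
    attest_self: bool,
}

impl TlsEndpoint {
    pub fn role(&self) -> Role { self.role }
    pub fn fd(&self) -> RawFd { self.stream.get_fd() }
    pub fn verify_peer(&self) -> bool { self.verify_peer }
    pub fn attest_self(&self) -> bool { self.attest_self }
}

/// Builder: init runs once per process regardless of how many builders exist.
pub struct TlsBuilder {
    role: Role,
    stream: Option<Box<dyn GetFd>>,
    verify_peer: bool,
    attest_self: bool,
}

impl TlsBuilder {
    // Defaults: a client verifies the server; a server attests itself.
    pub fn client() -> Self {
        ossl_init();
        Self { role: Role::Client, stream: None, verify_peer: true, attest_self: false }
    }
    pub fn server() -> Self {
        ossl_init();
        Self { role: Role::Server, stream: None, verify_peer: false, attest_self: true }
    }
    pub fn with_stream(mut self, stream: Box<dyn GetFd>) -> Self { self.stream = Some(stream); self }
    pub fn verify_peer(mut self, on: bool) -> Self { self.verify_peer = on; self }
    pub fn attest_self(mut self, on: bool) -> Self { self.attest_self = on; self }

    /// Reject invalid configuration before any FFI call would see it.
    pub fn build(self) -> Result<TlsEndpoint, String> {
        let stream = self.stream.ok_or_else(|| "no stream attached".to_string())?;
        if stream.get_fd() < 0 {
            return Err("invalid file descriptor".to_string());
        }
        Ok(TlsEndpoint { role: self.role, stream, verify_peer: self.verify_peer, attest_self: self.attest_self })
    }
}

fn main() {
    let server = TlsBuilder::server().with_stream(Box::new(GetFdDumpImpl(9))).verify_peer(true).build().unwrap();
    let client = TlsBuilder::client().with_stream(Box::new(GetFdDumpImpl(7))).build().unwrap();
    println!("server fd={} mutual={} client fd={} init runs={}",
        server.fd(), server.verify_peer() && server.attest_self(), client.fd(), init_call_count());
}
```

Setting `verify_peer(true)` on the server alongside its default `attest_self` is the mutual client/server configuration the commit list mentions; with real OpenSSL the verify callback would run the rats-rs `CertVerifier` at that point.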
@imlk0 imlk0 closed this Sep 27, 2024