Add openssl support in transport module with some enhancement and bug fix #4

Closed
wants to merge 5 commits into from

Commits on Jul 15, 2024

  1. fix(AutoEvidence): return error too early while creating evidence from dice
    
    Only return Err after attempting all TEEs
    csyJoy committed Jul 15, 2024
    ac5f06e

Commits on Aug 6, 2024

  1. feat(tls): support openssl in transport module

    feat(tls): add openssl transport module (WIP)
    
    1. apply Builder pattern while constructing TLS Client and Server.
    2. implement `send` `shutdown` `receive` interface for TLS Client and
    Server.
    3. implement `negotiation` interface for TLS Client and Server with
    default openssl verify callback.
    
    TODO:
    1. (maybe) use typestate pattern to statically protect Client and
    Server building procedure.
    2. support openssl error handling.
    3. corner case check before calling bindgen openssl api.
    4. unit test for Client and Server function.
    
    fix(tls-client): use `OPENSSL_EX_DATA_IDX` defined in `mod.rs`
    
    fix(tls-init): add custom init function with missing options for
    the `init` function in `openssl-sys`
    
    feat(tls): use a more generic way to handle stream
    
    Add GetFd trait, replace TcpStream with trait object impl GetFd
    
    fix(tls): fix some bugs that cause rust borrow checker errors and FFI
    call errors
    
    feat(tls): replace raw option number with bitflag
    
    feat(tls): support P256
    
    test(tls): add some unit tests
    
    1. openssl init
    2. use private key
    3. use cert
    
    fix(tls-client): fix incorrect SSL function call
    
    feat(tls-init): only init once `ossl_init` by `sync::once`
    
    fix(tls): implement default openssl verify callback correctly
    using rats-rs APIs
    
    use `CertVerifier` to verify cert instead of implementing it
    manually
    
    refactor(tls): code refactor (see full log)
    
    1. expose some functions to pub or pub(crate)
    2. refactor code in a more rust way
    3. remove unused code
    4. implement `with_tcp_steam` as its name implies
    5. merge imports
    
    feat(tls): support mutual client server
    
    test(tls): remove duplicated init
    csyJoy committed Aug 6, 2024
    2c14197
  2. feat(cert): build x509 certificate manually to pass openssl pre-verification
    
    The only difference between the current certificate content and
    the previously generated Root certificate content is the addition
    of Certificate Sign to the KeyUsage Extension.
    csyJoy committed Aug 6, 2024
    82bc339
  3. feat(tls-example): add tls echo server

    TODO:
    1. mutual client and server
    2. more command options
    
    feat(tls-example): add `attest_self` and `verify_peer` in tls example
    csyJoy committed Aug 6, 2024
    46afbe5

Commits on Sep 1, 2024

  1. fix(misc): Fixed unreasonable parts in the pull request

    1. add comment to `ossl_init` referring to rats-tls repository
    2. inline `init` method of `Client` and `Server` to each
    Builders' method, remove unused Option
    3. remove `Arc<Mutex<Cell<>>` wrapper for openssl CRYPTO index
    since it never changes after being initialized
    4. move `GetFdDumpImpl` to test module as a stream mock
    csyJoy committed Sep 1, 2024
    f486934