Support certificate_authorities extension in ClientHello
#2265
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
77a2207 to
78a4359
Compare
78a4359 to
7f0b09e
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #2265 +/- ##
=======================================
Coverage 94.82% 94.82%
=======================================
Files 104 104
Lines 24077 24102 +25
=======================================
+ Hits 22831 22855 +24
- Misses 1246 1247 +1 ☔ View full report in Codecov by Sentry. |
ctz
reviewed
Dec 10, 2024
7f0b09e to
4aaa2e4
Compare
djc
reviewed
Dec 11, 2024
8000
4aaa2e4 to
3a5c873
Compare
Contributor
Author
Thanks @djc. I believe I addressed all the review comments. One point: I also removed the |
Benchmark resultsInstruction countsSignificant differencesThere are no significant instruction count differences Other differencesClick to expand
Wall-timeSignificant differencesThere are no significant wall-time differences Other differencesClick to expand
Additional informationCheckout details:
|
ctz
approved these changes
Dec 12, 2024
3a5c873 to
06549cd
Compare
cpu
reviewed
Dec 12, 2024
This commit adds support for the extension by: - On the client side, adding a default method to `ServerCertVerifier` that asks for CA names to be sent with ClientHello, - On the server side, adding the method `certificate_authorities()` to the `ClientHello` type, which is provided to `ResolvesServerCert` when the server needs to pick a cert.
06549cd to
c645d12
Compare
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds support for the
certificate_authoritiesextension in ClientHello by:On the client side, adding a default method to
ServerCertVerifierthat asks for CA names to be sent with ClientHello,On the server side, adding the method
certificate_authorities()to theClientHellotype, which is provided toResolvesServerCertwhen the server needs to pick a cert.Closes #2235