1 changed files with 3 additions and 75 deletions
Split View
Diff Options
-
+3 -75README.md
+ 3
- 75
README.md
View File
| @@ -1,30 +1,7 @@ | |||
| ``` | |||
| _____ _ ____ _ _ | |||
| |_ _| | / ___| | |_ _ __(_)___ | |||
| | | | | \___ \ _____| __| '__| / __| | |||
| | | | |___ ___) |_____| |_| | | \__ \ | |||
| |_| |_____|____/ \__|_| |_|___/ | |||
| ``` | |||
| crypto/tls, now with 100% more 1.3. | |||
| THE API IS NOT STABLE AND DOCUMENTATION IS NOT GUARANTEED. | |||
| [](https://travis-ci.org/cloudflare/tls-tris) | |||
| ## Usage | |||
| Since `crypto/tls` is very deeply (and not that elegantly) coupled with the Go stdlib, | |||
| tls-tris shouldn't be used as an external package. It is also impossible to vendor it | |||
| as `crypto/tls` because stdlib packages would import the standard one and mismatch. | |||
| So, to build with tls-tris, you need to use a custom GOROOT. | |||
| # trs | |||
| A script is provided that will take care of it for you: `./_dev/go.sh`. | |||
| Just use that instead of the `go` tool. | |||
| The script also transparently fetches the custom Cloudflare Go 1.10 compiler with the required backports. | |||
| This is an implementation of TLS 1.3 forked from ``tls-tris`` (af21f3083ce150bf822574a4437be352a83ef45b). Modified | |||
| to be used as separated library. | |||
| ## Development | |||
| @@ -55,53 +32,3 @@ sudo usermod -a -G docker $USER | |||
| Similar dependencies can be found on any UNIX based system/distribution. | |||
| ### Building | |||
| There are number of things that need to be setup before running tests. Most important step is to copy ``go env GOROOT`` directory to ``_dev`` and swap TLS implementation and recompile GO. Then for testing we use go implementation from ``_dev/GOROOT``. | |||
| ``` | |||
| git clone https://github.com/cloudflare/tls-tris.git | |||
| cd tls-tris; cp _dev/utils/pre-commit .git/hooks/ | |||
| make -f _dev/Makefile build-all | |||
| ``` | |||
| ### Testing | |||
| We run 3 kinds of test:. | |||
| * Unit testing: <br/>``make -f _dev/Makefile test-unit`` | |||
| * Testing against BoringSSL test suite: <br/>``make -f _dev/Makefile test-bogo`` | |||
| * Compatibility testing (see below):<br/>``make -f _dev/Makefile test-interop`` | |||
| To run all the tests in one go use: | |||
| ``` | |||
| make -f _dev/Makefile test | |||
| ``` | |||
| ### Testing interoperability with 3rd party libraries | |||
| In order to ensure compatibility we are testing our implementation against BoringSSL, NSS and PicoTLS. | |||
| Makefile has a specific target for testing interoperability with external libraries. Following command can be used in order to run such test: | |||
| ``` | |||
| make -f _dev/Makefile test-interop | |||
| ``` | |||
| The makefile target is just a wrapper and it executes ``_dev/interop_test_runner`` script written in python. The script implements interoperability tests using ``python unittest`` framework. | |||
| Script can be started from command line directly. For example: | |||
| ``` | |||
| > ./interop_test_runner -v InteropServer_NSS.test_zero_rtt | |||
| test_zero_rtt (__main__.InteropServer_NSS) ... ok | |||
| Ran 1 test in 8.765s | |||
| OK | |||
| ``` | |||
| ### Debugging | |||
| When the environment variable `TLSDEBUG` is set to `error`, Tris will print a hexdump of the Client Hello and a stack trace if an handshake error occurs. If the value is `short`, only the error and the first meaningful stack frame are printed. | |||