Commit Graph

27 Commits

Author SHA1 Message Date
Peter Wu
ac01048c5e tris: add NSS server to client interop tests
Similar to boringssl, reuse the NSS client image for the NSS server test
against the tris client. Bump the NSS version to 3.34.1 to gain support
for TLS 1.3 keylogging which is useful while debugging.

Adjust read check to fix intermittent NSS test failures:
https://github.com/cloudflare/tls-tris/issues/58
2017-12-13 17:39:53 +00:00
Peter Wu
c89a0a5f3a tris: Add initial client interoperability tests
Prepare framework for testing tls-tris as client against other servers.
Currently only boringssl is implemented, but the idea is to add support
for others too (NSS, OpenSSL, picotls, tris, ...).

To test multiple certificate types, copy ecdsa.pem and rsa.pem from
tris-localserver for boringssl. The boringssl image is reused for the
server since the binaries were built anyway. Revision is bumped to
something to fix a build error and make the -loop and -www options work.
2017-12-13 17:39:53 +00:00
Peter Wu
dee13626ef tris: enable client tests with bogo shim 2017-12-13 17:39:53 +00:00
Peter Wu
d16cde640d tris: enable TLS 1.3 for tris-localserver again.
The default version (TLS 1.2) is no longer overridden with TLS 1.3 so
the server must explicitly set it.

Fixes: ("crypto/tls: allow client to pick TLS 1.3, do not enable it by default.")
2017-09-29 12:47:55 +01:00
Peter Wu
3107d575a8 tris: implement SSLKEYLOGFILE for TLS 1.3 server
This makes it easier to validate the handshake contents using Wireshark.
2017-09-21 15:37:34 +01:00
Peter Wu
25f2efc996 tris: update Go to 1.9
Use Go 1.9 (go1.9) with a patch to enable users to access the 0RTT API:

    net/http: attach TLSConnContextKey to the request Context
2017-09-07 17:40:17 +01:00
Filippo Valsorda
44343a1e4d tris: make the boring incremental build deterministic
HEAD is currently breaking the build.
2017-09-05 21:06:35 +01:00
Filippo Valsorda
7d575cd9ba tris: add Dockerfile to run unit tests with -update 2017-09-05 21:06:35 +01:00
Tom Thorogood
bc76e35b75 tris-localserver: fix Content-Type header for /ch endpoint (#21) 2017-09-05 21:06:35 +01:00
Filippo Valsorda
ba45c1a5ca tris: add echo.filippo.io 2017-09-05 21:06:35 +01:00
Filippo Valsorda
2ace09e9b4 tris: upgrade to Go 1.8 2017-09-05 21:06:35 +01:00
Filippo Valsorda
815d56e5a7 tris: update README for public consumption 2017-09-05 21:06:35 +01:00
Filippo Valsorda
563bf91c28 tris: update to Go 1.8rc3+ 2017-09-05 21:06:35 +01:00
Filippo Valsorda
7aa542753f tris: update to Go 1.8rc2 2017-09-05 21:06:35 +01:00
Filippo Valsorda
6bff168a06 tris: add proper BoGo tests 2017-09-05 21:06:35 +01:00
Filippo Valsorda
147d78ad99 tris: switch to Go 1.8beta1 2017-09-05 21:06:34 +01:00
Filippo Valsorda
faefac5f1a crypto/tls: stop ConfirmHandshake from locking on any Read
ConfirmHandshake should block on a Read until the handshakeConfirmed
state is reached, but past that it shouldn't.
2017-09-05 21:06:34 +01:00
Filippo Valsorda
f3fe024dc7 crypto/tls: do not drain 0-RTT data on Close
There is no reason a server can't just send a CloseNotify in its first
flight, and then close the connection without reading the 0-RTT data.

Also, it's not expected of Close to block on reading, and interlocking
with a Read can cause a deadlock.

Fixes NCC-2016-001
2017-09-05 21:06:34 +01:00
Filippo Valsorda
831410a948 tris: fix cross-compilation and relocation 2017-09-05 21:06:34 +01:00
Filippo Valsorda
345fbe2a39 tris: fix http2 tls.Conn context 2017-09-05 21:06:34 +01:00
Filippo Valsorda
df557b2b05 tris: fix NSS 0-RTT interop 2017-09-05 21:06:34 +01:00
Filippo Valsorda
2b667f2952 tris: fix mint interop 2017-09-05 21:06:34 +01:00
Filippo Valsorda
6ca044cede tris: add picotls interop 2017-09-05 21:06:34 +01:00
Filippo Valsorda
f8c15889af crypto/tls: implement TLS 1.3 server 0-RTT 2017-09-05 21:06:34 +01:00
Filippo Valsorda
ee3048cfd2 crypto/tls: implement TLS 1.3 server PSK 2017-09-05 21:06:34 +01:00
Filippo Valsorda
4b0d17eca3 crypto/tls: implement TLS 1.3 minimal server 2017-09-05 21:06:29 +01:00
Filippo Valsorda
6e85ff94f0 tris: import go wrapper and interoperability tests 2017-09-05 20:29:43 +01:00