-
Notifications
You must be signed in to change notification settings - Fork 695
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(interop): add s2n-tls interop test client and server #4547
Conversation
This initial commit defines generally useful traits and the starting s2n-tls client and server implementations.
- add copyright annotations to all files
/// | ||
/// It will the return the [InteropTest] that is being run, as well as the expected | ||
/// port for the server to run on. | ||
pub fn parse_server_arguments() -> (InteropTest, u16) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The quic interop uses the library structopt for this, might be good to use here as well so we don't have to rewrite parsing code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, I'm a little wary of doing that, because while rust makes it super easy to have elegant argument parsing, that is not the case for other languages (Go, Java) so we'd have to implement our own argument parsing in those languages. That argument parsing is likely just going to be test = argv[2]
and port = argv[4]
, at which point there didn't seem to be much advantage in specifying additional arguments.
} | ||
} | ||
} | ||
InteropTest::LargeDataDownloadWithFrequentKeyUpdates => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Trying to think through how this would work with resumption. Where would that logic live 🤔? This test only allows for a single connection currently.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you'd end up essentially special-casing the logic for the client. If the test is InteropTest::Resumption
then you would call the handle_session_resumption
method twice. The implementation would be responsible for
- storing the session ticket from the first connection
- setting the session ticket on the second connection.
The config for session resumption would set the SessionTicketCallback
and the ConnectionInitializer
.
- use existing test certs
let (test, port) = common::parse_server_arguments(); | ||
let config = match <S2NShim as ClientTLS<TcpStream>>::get_client_config(test)? { | ||
Some(c) => c, | ||
None => exit(127), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
needs to be the constant
The team wants some additional documentation/research before committing to any specific interop path, so closing this pull request. |
This initial commit defines generally useful traits and the initial s2n-tls client and server implementations.
Description of changes:
Two crates are added
common
this holds "interop" information that is independent of any tls implementation. This crate will eventually be where the actual interop runner lives.
tls-shim
a number of implementations (boringssl, s2n-tls, openssl, rustls) provide APIs to integrate with the tokio ecosystem, which results in generally similar API shapes. This crate defines interop client and server functionality generically over those API shapes, which allows code to be shared between implementations.
For this PR, only the s2n-tls client and server implementations are added.
Additionally, this crate contains an integration test which uses turmoil to simulate the actual interop test. This allows a fast feedback loop since separate processes don't have to be launched.
Testing:
This is currently just building on my local machine, but I plan on adding CI one the two remaining rust implementations (rustls and openssl) are merged in.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.