This patch updates the DTLS 1.3 implementation to draft version 30, including unified header format and sequence number encryption.
Also added are new `SSL_CreateMask` experimental functions.
Differential Revision: https://phabricator.services.mozilla.com/D51014
Remove an overzealous assertion when a Key Update message is received too early, and add a test for the expected alert condition.
Also adds `TlsEncryptedHandshakeMessageReplacer` for replacing TLS 1.3 encrypted handshake messages. This is a simple implementation where only the first byte of the message is changed to the new type (so as to trigger the desired handler).
Differential Revision: https://phabricator.services.mozilla.com/D54998
The delegated credentials patch left the channel info unmodified, which meant
that it reported the key strength of the end entity certificate and not the
delegated credential. For a using application, this is problematic because it
can't access information about delegated credentials. In this case, the only
omission was the strength of the key.
Firefox checks key strength for the entire certificate chain according to its
policies, but it also wants to apply the same sort of policy to the delegated
credential. In particular, it wants to ensure that an RSA credential (which
shouldn't be used, but whatever...) has a long enough modulus, because the NSS
policy is less strict than the Firefox one.
To address this use case, SSLChannelInfo.authKeyBits is set to the length of the
delegated credential key when delegated credentials are in use. This is
consistent with the definition of the parameter, but implies a different
understanding of its meaning when delegated credentials are enabled.
Differential Revision: https://phabricator.services.mozilla.com/D36699
Summary: Some servers send a certificate_required alert when the client returns no certificate while it is required. For the server, it is not mandatory to send this alert, but it could make it easier for the client to distinguish bad_certificate and the declined cases.
Reviewers: mt
Reviewed By: mt
Bug #: 1532312
Differential Revision: https://phabricator.services.mozilla.com/D22083
Summary:
Add functions for QUIC that provide the raw content of records to callback functions.
Reviewers: ekr
Reviewed By: ekr
Bug #: 1471126
Differential Revision: https://phabricator.services.mozilla.com/D1874
The renaming here is less widespread than I expected. I removed the
content_alt_handshake while I was at this; no point in putting that in a public
API.
- Update version number
- Forbid negotiating < TLS 1.3 with supported_versions
- Change to version number 0303 after HRR. Plus test
- Update AAD.
https://phabricator.services.mozilla.com/D753
Summary:
- Make any call to ssl3_GatherCompleteHandshake (which transitively
  means any read from the wire) return PR_IO_ERROR if an alert has
  been sent.
- Patch up a few of the tests to handle this new behavior properly.
  These tests actually were a bit harder to follow so they should
  also be a bit clearer.
- Add a new set of tests for certificate authentication failure.
Reviewers: mt
Differential Revision: https://phabricator.services.mozilla.com/D365