transports/tls: Add libp2p-tls as per spec
#2945
Conversation
This code is extracted from #2289. Co-authored-by: David Craven <david@craven.ch> Co-authored-by: Roman Proskuryakov <r.proskuryakoff@gmail.com> Co-authored-by: Max Inden <mail@max-inden.de Co-authored-by: Elena Frank <elena.frank@protonmail.com>
We shouldn't rely on our callers to call `verify` here.
This will be useful for testing.
We are already leaking the `rustls` dependency to our clients
through the `make_{server,client}_config` functions which have to
be public for QUIC. Might as well reduce boilerplate and not wrap
`TlsStream`.
|
Unfortunately, it seems |
I had to dig into RFC for TLS 1.3 to get the list of algorithms. These are not "too many", these are actual list of supported algos. |
Yep, I've been down that road too when working on the code :) |
I could use https://github.com/barebones-x509/barebones-x509/ and reuse their code to minify the code in the tls module. But when I tried to dial to a go implementation it didn't work. (the crate was/is OK, we didn't use it properly). So I carefully rewrote it controlling every part I could and trying not to bloat the code but to keep it reasonable. It took me a month or so to figure out what's broken. So the code can be compatible with the go impl and does not break on a weird but acceptable by RFC configuration. You are free to refactor as you like leaving the authorship and copyrights. Feel free to ping me for an extra code review. I will be happy to assist.
I don't know what's the point of co-authorship with squash-merge. The code was originally written by @Demi-Marie in #1334 and rewritten by me looking at their code and at the barebones-x509 crate. So their co-authorship is not an open question. |
I am not planning to as I don't think I have the necessary knowledge at this point. Thanks for your prior work!
I am planning to attribute co-authorship to all people involved in this code on the squash-merge commit. I think that is fair. Please let me know if you disagree! In particular, am planning on including the following (in alphabetical order): |
thomaseizinger
requested review from
mxinden and
kpp
and removed request for
kpp
There was a problem hiding this comment.
This is good to merge from my end. Please go ahead @thomaseizinger unless @elenaf9 has any objections.
I am in favor of adding the above list of co-authors to the squash commit.
transports/tls/Cargo.toml
Outdated
| @@ -0,0 +1,29 @@ | |||
| [package] | |||
| name = "libp2p-tls" | |||
| version = "0.1.0" | |||
There was a problem hiding this comment.
| version = "0.1.0" | |
| version = "0.1.0-alpha" |
To the best of my knowledge, the code below has not run in any production systems.
To communicate expectations, I suggest releasing this as an alpha first.
See also same suggestion on QUIC pull request #2289 (comment)
There was a problem hiding this comment.
On it!
Most users depend on libp2p though so they are not going to see this version. IMO we are effectively removing that "alpha" label again through the re-export.
Do you think we should perhaps not re-export the TLS implementation yet so users have to depend on it manually?
There was a problem hiding this comment.
Most users depend on
libp2pthough so they are not going to see this version. IMO we are effectively removing that "alpha" label again through the re-export.
That is true. Though I would explicitly call it out in the changelog.
Do you think we should perhaps not re-export the TLS implementation yet so users have to depend on it manually?
I don't have an opinion here. I think we should be consistent with libp2p-quic. Chatted with @elenaf9 quickly. She prefers not removing libp2p-quic from libp2p.
There was a problem hiding this comment.
What do you think about annotating the re-export with the unstable attribute macro @thomaseizinger ?
There was a problem hiding this comment.
What do you think about annotating the re-export with the
unstableattribute macro @thomaseizinger ?
That is specific to the Rust compiler from what I know, I don't think you can use that actually?
There was a problem hiding this comment.
Ah yes you are right! Don't have a strong on opinion on whether to re-export tls and quic or not. I did not consider that when re-exporting we "hide" the alpha-flag, so maybe not re-exporting is the best solution after all.
There was a problem hiding this comment.
I think not exporting it would be the better solution but I don't want to block this PR on it. We can always change that until the next release.
|
Currently blocked on libp2p/test-plans#60. |
Given that libp2p#2945 merged, we can remove the TLS section here.
Description
This code is mostly extracted from #2289. I've tagged everyone who made contributions to that PR as co-authors (cc @kpp @dvc94ch @elenaf9 @mxinden) in the first commit.
On top of that, this also adds an implementation of the
Upgrade{Inbound,Outbound}traits so that TLS can be used with other transports. Finally, this PR also makes an effort towards libp2p/specs#459 by including a few static tests (cc @marten-seemann).Links to any relevant issues
quinn-proto#2289Open Questions
Open tasks
Co-authored-by: Demi Marie Obenour <demiobenour@gmail.com>Co-authored-by: Pierre Krieger <pierre.krieger1708@gmail.com>Change checklist