server: remove ClientHello constructor
djc committed Dec 11, 2024
1 parent 3ba5167 commit 2f74c3d
Showing 3 changed files with 45 additions and 52 deletions.
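--- a/rustls/src/server/handy.rs
+++ b/rustls/src/server/handy.rs
@@ -200,9 +200,9 @@ impl server::ResolvesServerCert for AlwaysResolvesChain {
 }
 
 /// An exemplar `ResolvesServerCert` implementation that always resolves to a single
-/// [RFC 7250] raw public key.
+/// [RFC 7250] raw public key.
 ///
-/// [RFC 7250]: https://tools.ietf.org/html/rfc7250
+/// [RFC 7250]: https://tools.ietf.org/html/rfc7250
 #[derive(Clone, Debug)]
 pub struct AlwaysResolvesServerRawPublicKeys(Arc<sign::CertifiedKey>);
 
@@ -306,7 +306,14 @@ mod sni_resolver {
 fn test_resolvesservercertusingsni_requires_sni() {
 let rscsni = ResolvesServerCertUsingSni::new();
 assert!(rscsni
-.resolve(ClientHello::new(&None, &[], None, None, None, &[]))
+.resolve(ClientHello {
+server_name: &None,
+signature_schemes: &[],
+alpn: None,
+server_cert_types: None,
+client_cert_types: None,
+cipher_suites: &[]
+})
 .is_none());
 }
 
@@ -317,7 +324,14 @@ mod sni_resolver {
 .unwrap()
 .to_owned();
 assert!(rscsni
-.resolve(ClientHello::new(&Some(name), &[], None, None, None, &[]))
+.resolve(ClientHello {
+server_name: &Some(name),
+signature_schemes: &[],
+alpn: None,
+server_cert_types: None,
+client_cert_types: None,
+cipher_suites: &[]
+})
 .is_none());
 }
 }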
17 changes: 9 additions & 8 deletions rustls/src/server/hs.rs
Expand Up @@ -400,14 +400,15 @@ impl ExpectClientHello {

// Choose a certificate.
let certkey = {
let client_hello = ClientHello::new(
&cx.data.sni,
&sig_schemes,
client_hello.alpn_extension(),
client_hello.server_certificate_extension(),
client_hello.client_certificate_extension(),
&client_hello.cipher_suites,
);
let client_hello = ClientHello {
server_name: &cx.data.sni,
signature_schemes: &sig_schemes,
alpn: client_hello.alpn_extension(),
client_cert_types: client_hello.server_certificate_extension(),
server_cert_types: client_hello.client_certificate_extension(),
cipher_suites: &client_hello.cipher_suites,
};
trace!("Resolving server certificate: {client_hello:#?}");

let certkey = self
.config
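Review bot: The two certificate-type fields are filled from the wrong accessors in the new struct literal: `client_cert_types: client_hello.server_certificate_extension()` and `server_cert_types: client_hello.client_certificate_extension()`. The removed positional call passed `server_certificate_extension()` in the `server_cert_types` slot and `client_certificate_extension()` in the `client_cert_types` slot, and the `Accepted::client_hello` literal in server_conn.rs in this same commit keeps that pairing, so only this site is transposed. Any `ResolvesServerCert` implementation that consults the negotiated certificate types, such as the RFC 7250 raw-public-key resolver, would see the client's and server's lists exchanged during handshake certificate selection, which the existing tests (which pass `None` for both) would not catch. The fix is to swap the two right-hand sides: `server_cert_types: client_hello.server_certificate_extension(),` and `client_cert_types: client_hello.client_certificate_extension(),`. The enclosing `ExpectClientHello` method starts and ends outside this hunk.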
58 changes: 18 additions & 40 deletions rustls/src/server/server_conn.rs
Expand Up @@ -132,42 +132,17 @@ pub trait ResolvesServerCert: Debug + Send + Sync {
}

/// A struct representing the received Client Hello
#[derive(Debug)]
pub struct ClientHello<'a> {
server_name: &'a Option<DnsName<'a>>,
signature_schemes: &'a [SignatureScheme],
alpn: Option<&'a Vec<ProtocolName>>,
server_cert_types: Option<&'a [CertificateType]>,
client_cert_types: Option<&'a [CertificateType]>,
cipher_suites: &'a [CipherSuite],
pub(super) server_name: &'a Option<DnsName<'a>>,
pub(super) signature_schemes: &'a [SignatureScheme],
pub(super) alpn: Option<&'a Vec<ProtocolName>>,
pub(super) server_cert_types: Option<&'a [CertificateType]>,
pub(super) client_cert_types: Option<&'a [CertificateType]>,
pub(super) cipher_suites: &'a [CipherSuite],
}

impl<'a> ClientHello<'a> {
/// Creates a new ClientHello
pub(super) fn new(
server_name: &'a Option<DnsName<'_>>,
signature_schemes: &'a [SignatureScheme],
alpn: Option<&'a Vec<ProtocolName>>,
server_cert_types: Option<&'a [CertificateType]>,
client_cert_types: Option<&'a [CertificateType]>,
cipher_suites: &'a [CipherSuite],
) -> Self {
trace!("sni {:?}", server_name);
trace!("sig schemes {:?}", signature_schemes);
trace!("alpn protocols {:?}", alpn);
trace!("server cert types {:?}", server_cert_types);
trace!("client cert types {:?}", client_cert_types);
trace!("cipher suites {:?}", cipher_suites);

ClientHello {
server_name,
signature_schemes,
alpn,
server_cert_types,
client_cert_types,
cipher_suites,
}
}

/// Get the server name indicator.
///
/// Returns `None` if the client did not supply a SNI.
Expand Down Expand Up @@ -938,14 +913,17 @@ impl Accepted {
/// Get the [`ClientHello`] for this connection.
pub fn client_hello(&self) -> ClientHello<'_> {
let payload = Self::client_hello_payload(&self.message);
ClientHello::new(
&self.connection.core.data.sni,
&self.sig_schemes,
payload.alpn_extension(),
payload.server_certificate_extension(),
payload.client_certificate_extension(),
&payload.cipher_suites,
)
let ch = ClientHello {
server_name: &self.connection.core.data.sni,
signature_schemes: &self.sig_schemes,
alpn: payload.alpn_extension(),
server_cert_types: payload.server_certificate_extension(),
client_cert_types: payload.client_certificate_extension(),
cipher_suites: &payload.cipher_suites,
};

trace!("Accepted::client_hello(): {ch:#?}");
ch
}

/// Convert the [`Accepted`] into a [`ServerConnection`].
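Review bot: The `server_cert_types` and `client_cert_types` fields made `pub(super)` in the first hunk carry no doc comment saying which ClientHello extension each is filled from, and now that sibling modules build `ClientHello` by field name rather than through the removed constructor, the two are easy to transpose. Suggest documenting them directly on the struct, for example `/// The client's server_certificate_type extension (RFC 7250), if sent.` on `server_cert_types` and `/// The client's client_certificate_type extension (RFC 7250), if sent.` on `client_cert_types`, mirroring the `payload.server_certificate_extension()` / `payload.client_certificate_extension()` pairing used in `Accepted::client_hello` in the second hunk. A one-line note on the struct doc that every field is populated from the parsed hello by the `server` module's two construction sites would also help the next reader, since the removed constructor's per-field `trace!` calls were the only place that spelled that mapping out.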
