Zig cannot connect to some TLS servers #17446

Open
vigoux opened this issue Oct 9, 2023 · 5 comments
Labels
bug Observed behavior contradicts documented or intended behavior standard library This issue involves writing Zig code for the standard library.
vigoux commented Oct 9, 2023

Zig Version

0.12.0-dev.800+a9b37ac63

Steps to Reproduce and Observed Behavior

Using the following file:

const std = @import("std");

pub fn main() !void {
    const HOST = "irc.libera.chat";
    const PORT = 6697;

    var all = std.heap.page_allocator;
    var conn = try std.net.tcpConnectToHost(all, HOST, PORT);
    defer conn.close();

    var bundle = std.crypto.Certificate.Bundle{};
    try bundle.rescan(all);
    defer bundle.deinit(all);

    var tlsconn = try std.crypto.tls.Client.init(conn, bundle, HOST);

    var buf: [15]u8 = undefined;
    var read = try tlsconn.read(conn, &buf);

    std.debug.print("Got: {s}", .{buf[0..read]});
}

I get:

error: TlsUnexpectedMessage
/.../std/crypto/tls/Client.zig:694:29: 0x320caf in init__anon_4534 (zigtest)
                            return error.TlsUnexpectedMessage;
                            ^
/.../src/main.zig:15:19: 0x27f08a in main (zigtest)
    var tlsconn = try std.crypto.tls.Client.init(conn, bundle, HOST);
                  ^

After some discussion on Discord (and IRC), it seems that the client does not support client certificate requests (which are used by IRC servers for authentication).

Expected Behavior

No error.

And possibly an API to set the client certificate. It is hard for me to think of a non-breaking way to do this though.

@vigoux vigoux added the bug Observed behavior contradicts documented or intended behavior label Oct 9, 2023

vigoux commented Oct 9, 2023

For the record, here is the specification for CertificateRequest: https://www.rfc-editor.org/rfc/rfc8446#section-4.3.2

@Vexu Vexu added the standard library This issue involves writing Zig code for the standard library. label Oct 9, 2023
@Vexu Vexu added this to the 0.13.0 milestone Oct 9, 2023
@karlseguin

Seems like a dupe of #14172


kamlesh-nb commented Dec 6, 2023

@Vexu any idea who's working on implementing TLS 1.2?


Vexu commented Dec 7, 2023

I don't know if anyone is working on it currently.


dimdin commented May 10, 2024

I tried to connect to a TLS-enabled PostgreSQL server and got this message:

error: TlsUnexpectedMessage
zig-0.12.0/lib/std/crypto/tls/Client.zig:713:29: 0x113e9f1 in init__anon_4711
                            return error.TlsUnexpectedMessage;
                            ^
src/main.zig:26:22: 0x109ef89 in connect
    var tls_client = try std.crypto.tls.Client.init(stream, ca_bundle, host);
                     ^

I found that the PostgreSQL response to the ClientHello message had 7 records:
Server Hello=22, Change Cipher Spec=20, followed by 5 Application Data=23.
It is the Application Data in the same TCP packet that the Zig code does not expect.
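
The record sequence reported in the comment above (handshake 22, change_cipher_spec 20, then five application_data 23 records in one TCP segment) can be inspected offline with a record-layer splitter. This is an added example in Python, not code from the issue or from Zig's `std.crypto.tls`; `split_records`, `record` and `SAMPLE` are hypothetical names, and the payload bytes are constructed filler.

```python
import struct

# Record content types from RFC 8446 section 5.1.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_CIPHERTEXT = 2**14 + 256  # RFC 8446 limit on TLSCiphertext.length


def split_records(buf: bytes):
    """Split one received buffer into TLS records.

    Returns (records, leftover): records is a list of
    (content_type_name, legacy_version, payload_length) tuples and leftover
    holds the bytes of a trailing record that has not fully arrived yet.
    """
    records = []
    pos = 0
    while len(buf) - pos >= 5:
        # 5-byte header: type (1), legacy_record_version (2), length (2)
        ctype, version, length = struct.unpack_from("!BHH", buf, pos)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype} at offset {pos}")
        if length > MAX_CIPHERTEXT:
            raise ValueError(f"record_overflow: length {length} at offset {pos}")
        if len(buf) - pos - 5 < length:
            break  # partial record: the caller must read more bytes first
        records.append((CONTENT_TYPES[ctype], version, length))
        pos += 5 + length
    return records, buf[pos:]


def record(ctype: int, payload: bytes) -> bytes:
    """Build a constructed record with legacy_record_version 0x0303."""
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload


# Constructed sample: the 22, 20, 23 x 5 sequence reported in the comment,
# delivered as one buffer. Payloads are filler bytes, not real handshake data.
SAMPLE = (record(22, b"\x02" * 90) + record(20, b"\x01")
          + b"".join(record(23, bytes([i]) * (30 + i)) for i in range(5)))

if __name__ == "__main__":
    recs, rest = split_records(SAMPLE)
    for name, version, length in recs:
        print(f"{name:20s} version=0x{version:04x} length={length}")
    print(f"leftover bytes: {len(rest)}")
```

In TLS 1.3 (RFC 8446 section 5.2) encrypted handshake messages are carried under outer content type 23, so a client has to keep consuming records from the same buffer after the ServerHello rather than assuming one record per read.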
