bindings: do not enable OCSP when calling trust_location() #4016

Merged
merged 12 commits into from
Jun 22, 2023


WesleyRosenblum
Contributor

@WesleyRosenblum WesleyRosenblum commented May 23, 2023

Resolved issues:

resolves #3880

Description of changes:

#3830 points out that OCSP requests are auto-enabled on a client when s2n_config_set_verification_ca_location() is called. Since the Rust bindings equivalent trust_location() calls this function, it has the same behavior. Since this behavior is confusing and generally not desired, this PR changes the Rust bindings to not auto-enable OCSP when trust_location() is called.

Testing:

Added unit tests and a HasExtensionClientHelloHandler that verifies that a particular extension is present or not

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label May 23, 2023
@WesleyRosenblum WesleyRosenblum requested a review from goatgoose May 23, 2023 19:50
@WesleyRosenblum WesleyRosenblum added the do_not_merge PR might needs something before merging, even if approved and passing label May 27, 2023
@WesleyRosenblum WesleyRosenblum changed the title bindings: add set_check_stapled_ocsp_response bindings: do not enable OCSP when calling trust_location() May 27, 2023
bindings/rust/s2n-tls/src/testing/s2n_tls.rs (outdated, resolved)
bindings/rust/s2n-tls/src/testing/s2n_tls.rs (resolved)
bindings/rust/s2n-tls/src/config.rs (outdated, resolved)
@WesleyRosenblum WesleyRosenblum removed the do_not_merge PR might needs something before merging, even if approved and passing label Jun 20, 2023
@WesleyRosenblum WesleyRosenblum merged commit 491e7f8 into main Jun 22, 2023
@WesleyRosenblum WesleyRosenblum deleted the checkocspbinding branch June 22, 2023 18:35
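
The description above says the change was tested by checking whether a particular extension is present in the ClientHello. The sketch below shows that kind of check for `status_request` (extension type 5, the OCSP stapling request). It is an added example, not code from this PR or from s2n-tls; the function names and the sample ClientHello bytes are constructed for illustration.

```rust
// Added example, not s2n-tls code; every name here is hypothetical.
const STATUS_REQUEST: u16 = 5; // RFC 6066 status_request (OCSP stapling)

/// Splits `n` bytes off the front of `buf`, or None if fewer remain.
fn take<'a>(buf: &mut &'a [u8], n: usize) -> Option<&'a [u8]> {
    if buf.len() < n { return None; }
    let (head, tail) = buf.split_at(n);
    *buf = tail;
    Some(head)
}
/// Reads a big-endian length prefix of `width` bytes, then that many bytes.
fn take_vec<'a>(buf: &mut &'a [u8], width: usize) -> Option<&'a [u8]> {
    let len = take(buf, width)?.iter().fold(0usize, |acc, &b| (acc << 8) | b as usize);
    take(buf, len)
}

/// `body` is a ClientHello minus its 4-byte handshake header; None means truncated.
fn client_hello_has_extension(body: &[u8], wanted: u16) -> Option<bool> {
    let mut r = body;
    take(&mut r, 2 + 32)?; // legacy_version + random
    take_vec(&mut r, 1)?; // session_id
    take_vec(&mut r, 2)?; // cipher_suites
    take_vec(&mut r, 1)?; // compression_methods
    if r.is_empty() { return Some(false); } // no extensions block at all
    let mut exts = take_vec(&mut r, 2)?;
    let mut found = false;
    while !exts.is_empty() {
        let ty = take(&mut exts, 2)?;
        take_vec(&mut exts, 2)?; // extension_data, skipped
        found |= u16::from_be_bytes([ty[0], ty[1]]) == wanted;
    }
    Some(found)
}

/// Constructed sample ClientHello body, with or without status_request.
fn sample_hello(with_status_request: bool) -> Vec<u8> {
    let mut exts: Vec<u8> = vec![0, 43, 0, 3, 2, 3, 4]; // supported_versions: TLS 1.3
    if with_status_request {
        exts.extend_from_slice(&[0, 5, 0, 5, 1, 0, 0, 0, 0]); // status_request: ocsp
    }
    let mut out = vec![3u8; 34]; // legacy_version 0x0303, then a constant "random"
    out.extend_from_slice(&[0, 0, 2, 0x13, 0x01, 1, 0]); // session_id, suite, compression
    out.extend_from_slice(&(exts.len() as u16).to_be_bytes());
    out.extend(exts);
    out
}

fn main() {
    let seen = |ocsp| client_hello_has_extension(&sample_hello(ocsp), STATUS_REQUEST);
    println!("without: {:?}, with: {:?}", seen(false), seen(true));
}
```

A truncated message returns `None` rather than `Some(false)`, so a test built on this cannot mistake a parse failure for "extension absent".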
Successfully merging this pull request may close these issues.

rust bindings : Support for disabling validation of stapled oscp response
3 participants