-
Notifications
You must be signed in to change notification settings - Fork 114
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expose various APIs necessary for certificate selection logic #240
Conversation
This is useful for comparing raw u16s with the various sigalg constants.
115b5d4
to
d5615d4
Compare
acb86ab
to
a306c4c
Compare
1683cbb
to
aa88632
Compare
@@ -2264,11 +2268,29 @@ impl ClientHello<'_> { | |||
pub fn random(&self) -> &[u8] { | |||
unsafe { slice::from_raw_parts(self.0.random, self.0.random_len) } | |||
} | |||
|
|||
/// Returns the raw list of ciphers supported by the client in its Client Hello record. | |||
pub fn ciphers(&self) -> &[u8] { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This just returns the raw bytes, but really ciphers are u16
, so it would be more helpful if it just returned a slice of u16
instead, but I'm not entirely sure how to do that without re-allocating the whole thing though 😆 ... there's probably some kind of unsavoury trick to do it in Rust...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So unfortunately casting the raw *const u8
to a *const u16
doesn't work, because of pointer alignment issues. It's problematic because the underlying *const u8
comes form the middle of another buffer, specifically the one that holds the incoming Client Hello message body. I think we'll have to copy these bytes into another u16 buffer - do we want to do that? Or do we want to pass the u8 slice to the user and let them parse it themselves?
2c704d1
to
1b923f4
Compare
The client sent ciphers in the ClientHello are unparsed and thus require the user to convert u16s into SslCipher instances. It could be worth doing this parsing in the library itself to make things consistent and always return a StackRef<SslCipher>.
The macos-13 runner uses intel chips and thus x86, so clang 12.0.0 is easily available.
No description provided.