This repository has been archived by the owner on May 26, 2022. It is now read-only.

use the handshake logic from go-libp2p-tls #67

Merged 2 commits, Aug 5, 2019

Conversation

@marten-seemann (Collaborator) commented Jul 29, 2019

Fixes #3. Fixes #18. Fixes #60.
CI is failing because quic-go dependency is not updated yet.

Furthermore, this depends on a new quic-go release, which includes quic-go/quic-go#2024. We will also need to increase the QUIC version number, since the old and the new handshake are incompatible. This makes sense anyway, since a new QUIC draft version was released recently. By using a new QUIC version number, peers using the old and the new handshake won't be able to connect to each other (using QUIC), so we won't get any handshake failures from that.

This PR implements the easiest possible way to reuse the handshake logic from go-libp2p-tls, which is slightly more computationally expensive for the server: Since QUIC multiplexes connections, we don't have the clear order that we have in TCP: 1. accept TCP connection, 2. run TLS handshake on that connection.
In QUIC, the first time we learn about a new connection attempt is when the tls.Config.GetConfigForClient callback is called. We use this callback to return a tls.Config that verifies the peer's certificate chain. At some point later, quic-go will return a fully established QUIC connection (if the handshake succeeded). However, we have no way of associating this connection with the tls.Config we returned earlier (keep in mind that the server could be running multiple handshakes concurrently), so we need to parse the certificate chain a second time to determine the peer's identity.

@Stebalien (Member) left a comment:

Nice!

@marten-seemann (Collaborator, Author)

I just released a new quic-go version, which bumps the QUIC version number. See PR #68.
We should merge these two PRs at the same time, and then cut a new go-libp2p-quic-transport release.

@Stebalien (Member)

(lgtm once the tests pass)


Successfully merging this pull request may close these issues:

QUIC transport constructor fails with ed25519 keys
reuse code from go-libp2p-tls
Handshake Design