tttls1.3 0.2.10 → 0.2.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +1 -0
  3. data/lib/tttls1.3/server.rb +15 -4
  4. data/lib/tttls1.3/version.rb +1 -1
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a88e723a99666a675766294bcd4693baad9d49f9d8d2c95e2c9361d74ea74e0a
4
- data.tar.gz: e7c18f7242cf74229ae99232366d18854c898ce18e9f5805af8ca5694666e7bc
3
+ metadata.gz: 8f5aa81468afa7bdfe5706ab689499342070b9ccba1c3407e4aef7e7f5f2a6fc
4
+ data.tar.gz: 62b65e459cb2f1a0f14e1be474ab711aeb83d313e14cfdafc3b75dba44ddaf95
5
5
  SHA512:
6
- metadata.gz: a36f3a4f8dc7884a3927572285773390e0076ff6f154366aeb85dbda10ed1edbdb0964ab2201b236b77f1b7c862cd61796a5eae9574883790da83b5e2c52c375
7
- data.tar.gz: 88688015bd166a0c93bf2c6663eda3649719362228c496a7662bf162e236f1a0a04d7f5aa18d477cb18a3986c97fe9e7cab89fd7c04ba09caa1dd92c70441433
6
+ metadata.gz: f11b5d1dae32d9e9aca363fee567840d0bf2da02a95e4f7930965c03ac3d53b4751d65cfd4eb709ab47a04cb51d4c14a28783e8519ffe0e9a7e479890b017520
7
+ data.tar.gz: e24b2a06489681198c28e1b5def42bd512102591c232fa7ccb847d5742a52cb3c62dd7289bfc4012be45f743f176bf945863f03c785805e2eb53412acbad291f
data/README.md CHANGED
@@ -111,6 +111,7 @@ tttls1.3 server is configurable using keyword arguments.
111
111
  | key | type | default value | description |
112
112
  |-----|------|---------------|-------------|
113
113
  | `:crt_file` | String | nil | Path to the certificate file. This is a required setting. |
114
+ | `:chain_files` | Array of OpenSSL::X509::Certificate | nil | Paths to the itermediate certificate files. |
114
115
  | `:key_file` | String | nil | Path to the private key file. This is a required setting. |
115
116
  | `:cipher_suites` | Array of TTTLS13::CipherSuite constant | `TLS_AES_256_GCM_SHA384`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_AES_128_GCM_SHA256` | List of supported cipher suites. |
116
117
  | `:signature_algorithms` | Array of TTTLS13::SignatureScheme constant | `ECDSA_SECP256R1_SHA256`, `ECDSA_SECP384R1_SHA384`, `ECDSA_SECP521R1_SHA512`, `RSA_PSS_RSAE_SHA256`, `RSA_PSS_RSAE_SHA384`, `RSA_PSS_RSAE_SHA512`, `RSA_PKCS1_SHA256`, `RSA_PKCS1_SHA384`, `RSA_PKCS1_SHA512` | List of supported signature algorithms. |
data/lib/tttls1.3/server.rb CHANGED
@@ -46,6 +46,7 @@ module TTTLS13
46
46
 
47
47
  DEFAULT_SERVER_SETTINGS = {
48
48
  crt_file: nil,
49
+ chain_files: nil,
49
50
  key_file: nil,
50
51
  cipher_suites: DEFAULT_SP_CIPHER_SUITES,
51
52
  signature_algorithms: DEFAULT_SP_SIGNATURE_ALGORITHMS,
@@ -75,6 +76,14 @@ module TTTLS13
75
76
  klass = @crt.public_key.class
76
77
  @key = klass.new(File.read(@settings[:key_file]))
77
78
  raise Error::ConfigError unless @crt.check_private_key(@key)
79
+
80
+ @chain = @settings[:chain_files]&.map do |f|
81
+ OpenSSL::X509::Certificate.new(File.read(f))
82
+ end
83
+ @chain ||= []
84
+ ([@crt] + @chain).each_cons(2) do |cert, sign|
85
+ raise Error::ConfigError unless cert.verify(sign.public_key)
86
+ end
78
87
  end
79
88
 
80
89
  # NOTE:
@@ -230,7 +239,7 @@ module TTTLS13
230
239
  unless ch.extensions[Message::ExtensionType::RECORD_SIZE_LIMIT].nil?
231
240
  ee = transcript[EE] = gen_encrypted_extensions(ch, @alpn, rsl)
232
241
  # TODO: [Send CertificateRequest]
233
- ct = transcript[CT] = gen_certificate(@crt)
242
+ ct = transcript[CT] = gen_certificate(@crt, @chain)
234
243
  digest = CipherSuite.digest(@cipher_suite)
235
244
  cv = transcript[CV] = gen_certificate_verify(
236
245
  @key,
@@ -394,11 +403,13 @@ module TTTLS13
394
403
  end
395
404
 
396
405
  # @param crt [OpenSSL::X509::Certificate]
406
+ # @param chain [Array of OpenSSL::X509::Certificate]
397
407
  #
398
408
  # @return [TTTLS13::Message::Certificate, nil]
399
- def gen_certificate(crt)
400
- ce = Message::CertificateEntry.new(crt)
401
- Message::Certificate.new(certificate_list: [ce])
409
+ def gen_certificate(crt, chain = [])
410
+ ces = [crt] + (chain || [])
411
+ ces.map! { |c| Message::CertificateEntry.new(c) }
412
+ Message::Certificate.new(certificate_list: ces)
402
413
  end
403
414
 
404
415
  # @param key [OpenSSL::PKey::PKey]
data/lib/tttls1.3/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module TTTLS13
4
- VERSION = '0.2.10'
4
+ VERSION = '0.2.11'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: tttls1.3
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.10
4
+ version: 0.2.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - thekuwayama
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-11-09 00:00:00.000000000 Z
11
+ date: 2019-12-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler