tttls1.3 0.2.12 → 0.2.16

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9677aea746ca98f9d18cfc1e841d836291b7692088cea9fcc3122e88b0bcb32a
-  data.tar.gz: e156e172215e1b76c45a4a43c85e6066499f65e0b0bf8a28c2d6fb524fd8940e
+  metadata.gz: 7006bce3031f6232ae949b44eb31111562d581e359769952f48a537848d50418
+  data.tar.gz: d332e823eb8c677ff534e46a87e96c039aad2d5538c0f823ac7eb365f372ca88
 SHA512:
-  metadata.gz: f12cffcb976c740136afd8fa7b139400f58cb1a3795e7e7347192630e90b0c8e6c5138e9b98214bbc2a7f88a91ecd58332390ef1c1239ccf9d56a71f3f342743
-  data.tar.gz: 5ab10fcdab0e5cac1c4940bb92753c06db1656f615a3146b552b54c119b28483388bbe8b725b8a412b13df0fa3f1f668eaebc7cfb537e10753a3f2e686cf2279
+  metadata.gz: ca37fd2570b905759da152932eb2e6f29c3e37f59135353b9e3cfbce0c683f7493fdd360f9a56c50f2ab252f0460728c09585d018d04b8668de4000b1567d249
+  data.tar.gz: 6e37405f3034de1fe648f0882bbc9d9b65baeac8d1ef142fc776010b8480cd987a87060edf6ae85fd20327afc5327aacb23318e460f510259c99056aa76fb389

data/.github/workflows/ci.yml

@@ -0,0 +1,32 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['2.6.x', '2.7.x', '3.0.x']
+    steps:
+      - uses: docker://thekuwayama/openssl:latest
+      - name: Set up Ruby
+        uses: actions/setup-ruby@v1
+      - uses: actions/checkout@v1
+      - name: Install dependencies
+        run: |
+          gem --version
+          gem install bundler
+          bundle --version
+          bundle install
+      - name: Run test
+        run: |
+          bundle exec rake
+          bundle exec rake interop:client
+          bundle exec rake interop:server

data/.rubocop.yml

@@ -16,7 +16,7 @@ Metrics/AbcSize:
 Metrics/MethodLength:
   Max: 30
 
-Naming/UncommunicativeMethodParamName:
+Naming/MethodParameterName:
   MinNameLength: 1
 
 Metrics/BlockLength:
@@ -25,6 +25,6 @@ Metrics/BlockLength:
     - 'spec/*.rb'
     - 'interop/*.rb'
 
-Metrics/LineLength:
+Layout/LineLength:
   Exclude:
     - 'tttls1.3.gemspec'

data/Gemfile

@@ -7,10 +7,9 @@ gem 'openssl'
 gem 'rake'
 
 group :test do
-  gem 'pry'
-  gem 'pry-byebug'
-  gem 'rspec', '3.8.0'
-  gem 'rubocop', '0.67.2'
+  gem 'byebug'
+  gem 'rspec', '3.9.0'
+  gem 'rubocop', '0.78.0'
 end
 
 gemspec

data/README.md

@@ -1,7 +1,7 @@
 # tttls1.3
 
 [![Gem Version](https://badge.fury.io/rb/tttls1.3.svg)](https://badge.fury.io/rb/tttls1.3)
-[![Actions Status](https://github.com/thekuwayama/tttls1.3/workflows/workflow/badge.svg)](https://github.com/thekuwayama/tttls1.3/actions?query=workflow=.github/workflows/main.yml)
+[![Actions Status](https://github.com/thekuwayama/tttls1.3/workflows/CI/badge.svg)](https://github.com/thekuwayama/tttls1.3/actions?workflow=CI)
 [![Maintainability](https://api.codeclimate.com/v1/badges/47f3c267d9cfd2c8e388/maintainability)](https://codeclimate.com/github/thekuwayama/tttls1.3/maintainability)
 
 tttls1.3 is Ruby implementation of [TLS 1.3](https://tools.ietf.org/html/rfc8446) protocol.
@@ -102,6 +102,7 @@ tttls1.3 client is configurable using keyword arguments.
 | `:record_size_limit` | Integer | nil | The record\_size\_limit offerd in ClientHello extensions. If not needed to be present, set nil. |
 | `:check_certificate_status` | Boolean | false | If needed to check certificate status, set true. |
 | `:process_certificate_status` | Proc | `TTTLS13::Client.method(:softfail_check_certificate_status)` | Proc(or Method) that checks received OCSPResponse. Its 3 arguments are OpenSSL::OCSP::Response, end-entity certificate(OpenSSL::X509::Certificate) and certificates chain(Array of Certificate) used for verification and it returns Boolean. |
+| `:compress_certificate_algorithms` | Array of TTTLS13::Message::Extension::CertificateCompressionAlgorithm constant | `ZLIB` | The compression algorithms are supported for compressing the Certificate message. |
 | `:compatibility_mode` | Boolean | true | If needed to send ChangeCipherSpec, set true. |
 | `:loglevel` | Logger constant | Logger::WARN | If needed to print verbose, set Logger::DEBUG. |
 
@@ -119,6 +120,8 @@ tttls1.3 server is configurable using keyword arguments.
 | `:signature_algorithms` | Array of TTTLS13::SignatureScheme constant | `ECDSA_SECP256R1_SHA256`, `ECDSA_SECP384R1_SHA384`, `ECDSA_SECP521R1_SHA512`, `RSA_PSS_RSAE_SHA256`, `RSA_PSS_RSAE_SHA384`, `RSA_PSS_RSAE_SHA512`, `RSA_PKCS1_SHA256`, `RSA_PKCS1_SHA384`, `RSA_PKCS1_SHA512` | List of supported signature algorithms. |
 | `:supported_groups` | Array of TTTLS13::NamedGroup constant | `SECP256R1`, `SECP384R1`, `SECP521R1` | List of supported named groups. |
 | `:alpn` | Array of String | nil | List of supported application protocols. If not needed to check this extension, set nil. |
+| `:process_ocsp_response` | Proc | nil | Proc that gets OpenSSL::OCSP::Response. If not needed to staple OCSP::Response, set nil. |
+| `:compress_certificate_algorithms` | Array of TTTLS13::Message::Extension::CertificateCompressionAlgorithm constant | `ZLIB` | The compression algorithms are supported for compressing the Certificate message. |
 | `:compatibility_mode` | Boolean | true | If needed to send ChangeCipherSpec, set true. |
 | `:loglevel` | Logger constant | Logger::WARN | If needed to print verbose, set Logger::DEBUG. |
 

data/example/helper.rb

@@ -36,7 +36,7 @@ def recv_http_response(client)
   parser = HTTP::Parser.new
   buf = nil
 
-  parser.on_headers_complete = proc do |headers|
+  parser.on_headers_complete = lambda do |headers|
     buf =
       [
         'HTTP/' + parser.http_version.join('.'),
@@ -47,11 +47,11 @@ def recv_http_response(client)
       + WEBrick::CRLF
   end
 
-  parser.on_body = proc do |chunk|
+  parser.on_body = lambda do |chunk|
     buf += chunk
   end
 
-  parser.on_message_complete = proc do
+  parser.on_message_complete = lambda do
     client.close
   end
 

data/example/https_client.rb

@@ -12,7 +12,7 @@ settings = {
   ca_file: File.exist?(ca_file) ? ca_file : nil,
   alpn: ['http/1.1']
 }
-client = TTTLS13::Client.new(socket, hostname, settings)
+client = TTTLS13::Client.new(socket, hostname, **settings)
 client.connect
 client.write(req)
 

data/example/https_client_using_0rtt.rb

@@ -11,7 +11,7 @@ settings_2nd = {
   ca_file: File.exist?(ca_file) ? ca_file : nil,
   alpn: ['http/1.1']
 }
-process_new_session_ticket = proc do |nst, rms, cs|
+process_new_session_ticket = lambda do |nst, rms, cs|
   return if Time.now.to_i - nst.timestamp > nst.ticket_lifetime
 
   settings_2nd[:ticket] = nst.ticket
@@ -36,7 +36,7 @@ succeed_early_data = false
   settings_2nd
 ].each_with_index do |settings, i|
   socket = TCPSocket.new(hostname, port)
-  client = TTTLS13::Client.new(socket, hostname, settings)
+  client = TTTLS13::Client.new(socket, hostname, **settings)
 
   # send message using early data; 0-RTT
   client.early_data(req) if i == 1 && settings.include?(:ticket)

data/example/https_client_using_hrr.rb

@@ -13,7 +13,7 @@ settings = {
   key_share_groups: [], # empty KeyShareClientHello.client_shares
   alpn: ['http/1.1']
 }
-client = TTTLS13::Client.new(socket, hostname, settings)
+client = TTTLS13::Client.new(socket, hostname, **settings)
 client.connect
 client.write(req)
 print recv_http_response(client)

data/example/https_client_using_hrr_and_ticket.rb

@@ -11,7 +11,7 @@ settings_2nd = {
   ca_file: File.exist?(ca_file) ? ca_file : nil,
   alpn: ['http/1.1']
 }
-process_new_session_ticket = proc do |nst, rms, cs|
+process_new_session_ticket = lambda do |nst, rms, cs|
   return if Time.now.to_i - nst.timestamp > nst.ticket_lifetime
 
   settings_2nd[:key_share_groups] = [] # empty KeyShareClientHello.client_shares
@@ -35,7 +35,7 @@ settings_1st = {
   settings_2nd
 ].each do |settings|
   socket = TCPSocket.new(hostname, port)
-  client = TTTLS13::Client.new(socket, hostname, settings)
+  client = TTTLS13::Client.new(socket, hostname, **settings)
   client.connect
   client.write(req)
   print recv_http_response(client)

data/example/https_client_using_status_request.rb

@@ -7,7 +7,7 @@ hostname, port = (ARGV[0] || 'localhost:4433').split(':')
 ca_file = __dir__ + '/../tmp/ca.crt'
 req = simple_http_request(hostname)
 
-process_certificate_status = proc do |res, cert, chain|
+process_certificate_status = lambda do |res, cert, chain|
   puts 'stapled OCSPResponse: '
   puts res.basic.status.pretty_inspect unless res.nil?
   puts '-' * 10
@@ -22,7 +22,7 @@ settings = {
   check_certificate_status: true,
   process_certificate_status: process_certificate_status
 }
-client = TTTLS13::Client.new(socket, hostname, settings)
+client = TTTLS13::Client.new(socket, hostname, **settings)
 client.connect
 client.write(req)
 

data/example/https_client_using_ticket.rb

@@ -11,7 +11,7 @@ settings_2nd = {
   ca_file: File.exist?(ca_file) ? ca_file : nil,
   alpn: ['http/1.1']
 }
-process_new_session_ticket = proc do |nst, rms, cs|
+process_new_session_ticket = lambda do |nst, rms, cs|
   return if Time.now.to_i - nst.timestamp > nst.ticket_lifetime
 
   settings_2nd[:ticket] = nst.ticket
@@ -34,7 +34,7 @@ settings_1st = {
   settings_2nd
 ].each do |settings|
   socket = TCPSocket.new(hostname, port)
-  client = TTTLS13::Client.new(socket, hostname, settings)
+  client = TTTLS13::Client.new(socket, hostname, **settings)
   client.connect
   client.write(req)
   print recv_http_response(client)

data/example/https_server.rb

@@ -23,10 +23,10 @@ Etc.nprocessors.times do
     loop do
       s = q.pop
       Timeout.timeout(1) do
-        server = TTTLS13::Server.new(s, settings)
+        server = TTTLS13::Server.new(s, **settings)
         parser = HTTP::Parser.new
 
-        parser.on_message_complete = proc do
+        parser.on_message_complete = lambda do
           if !parser.http_method.nil?
             logger.info 'Receive Request'
             server.write(simple_http_response('TEST'))

data/interop/client_spec.rb

@@ -7,14 +7,13 @@ FIXTURES_DIR = __dir__ + '/../spec/fixtures'
 PORT = 4433
 
 RSpec.describe Client do
-  # testcases
   # normal [Boolean] Is this nominal scenarios?
   # opt [String] openssl s_server options
   # crt [String] server crt file path
   # key [String] server key file path
   # settings [Hash] TTTLS13::Server settings
-  [
-    # rubocop: disable Metrics/LineLength
+  # rubocop: disable Layout/LineLength
+  testcases = [
     [
       true,
       '-ciphersuites TLS_AES_256_GCM_SHA384',
@@ -163,8 +162,9 @@ RSpec.describe Client do
       'rsa_rsa.key',
       compatibility_mode: false
     ]
-    # rubocop: enable Metrics/LineLength
-  ].each do |normal, opt, crt, key, settings|
+  ]
+  # rubocop: enable Layout/LineLength
+  testcases.each do |normal, opt, crt, key, settings|
     context 'client interop' do
       before do
         cmd = 'openssl s_server ' \
@@ -187,7 +187,7 @@ RSpec.describe Client do
         hostname = 'localhost'
         @socket = TCPSocket.new(hostname, PORT)
         settings[:ca_file] = FIXTURES_DIR + '/rsa_ca.crt'
-        Client.new(@socket, hostname, settings)
+        Client.new(@socket, hostname, **settings)
       end
 
       after do

data/interop/server_spec.rb

@@ -9,14 +9,13 @@ PORT = 4433
 tcpserver = TCPServer.open(PORT)
 
 RSpec.describe Server do
-  # testcases
   # normal [Boolean] Is this nominal scenarios?
   # opt [String] openssl s_client options
   # crt [String] server crt file path
   # key [String] server key file path
   # settings [Hash] TTTLS13::Client settins
-  [
-    # rubocop: disable Metrics/LineLength
+  # rubocop: disable Layout/LineLength
+  testcases = [
     [
       true,
       '-groups P-256:P-384:P-521 -ciphersuites TLS_AES_256_GCM_SHA384',
@@ -172,8 +171,9 @@ RSpec.describe Server do
       FIXTURES_DIR + '/rsa_rsa.key',
       compatibility_mode: false
     ]
-    # rubocop: enable Metrics/LineLength
-  ].each do |normal, opt, crt, key, settings|
+  ]
+  # rubocop: enable Layout/LineLength
+  testcases.each do |normal, opt, crt, key, settings|
     context 'server interop' do
       let(:server) do
         loop do
@@ -182,7 +182,7 @@ RSpec.describe Server do
         end
         settings[:crt_file] = crt
         settings[:key_file] = key
-        Server.new(@socket, settings)
+        Server.new(@socket, **settings)
       end
 
       let(:client) do