tttls1.3 0.2.15 → 0.2.18

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ba824030b1a295566777d4d12c35e259d379bc9a830b0cb95792356cc547a436
-  data.tar.gz: c3f2e8fd07567133cce7e8f24fcaf02499b8cceff6088ca403ca2e9be9e5ab5f
+  metadata.gz: 1a07aded25aecad8bd61ff9fd49a70df15c8abf356d4747891486dd81386b68d
+  data.tar.gz: 4637b3288dab22caae951cc43c283057fd3ed215fc5fa86e318becc3369ac7b2
 SHA512:
-  metadata.gz: 00e939bf927db1923274985cdad6526d16b6d99216f62ff3978b3bae9cdcedf675482b96f49a224f9f982f1d8c6f7ca0b49f282086422e73e93b4b74d13f0722
-  data.tar.gz: 1e523ad0d29d6f29dbd94388f9f895abf69324ceb4336406b13e21793395abdf795a0f043ee89899e888b851d85f2190064e93b70efec092964e34c94b15ac76
+  metadata.gz: 621a8f82c99e21e964cfb6defe14e2f8864f1c42cc94c9af725de2ff73929226d99a694c893ada3fc44c5224be70ec87bfcb291eceab271b33e4759c6c900cd8
+  data.tar.gz: 9088db06f998013577eb647d064e97035047a2cef7799010bc91f18384787bdf158357fd33c296b92ec1bc07a2ad1b307c98d0217735dfef5c6acf565f3c9433

data/.github/workflows/ci.yml

@@ -3,7 +3,7 @@ name: CI
 on:
   push:
     branches:
-      - master
+      - main
   pull_request:
     branches:
       - '*'
@@ -13,12 +13,14 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby-version: ['2.6.x', '2.7.x']
+        ruby-version: ['2.7.x', '3.0.x', '3.1.x']
     steps:
+      - uses: actions/checkout@v3
       - uses: docker://thekuwayama/openssl:latest
       - name: Set up Ruby
-        uses: actions/setup-ruby@v1
-      - uses: actions/checkout@v1
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
       - name: Install dependencies
         run: |
           gem --version

data/.gitignore

@@ -14,3 +14,4 @@ Gemfile.lock
 /coverage/
 /spec/reports/
 /tmp/
+.DS_Store

data/.rubocop.yml

@@ -1,5 +1,5 @@
 AllCops:
-  TargetRubyVersion: 2.6
+  TargetRubyVersion: 2.7
 
 Style/ConditionalAssignment:
   Enabled: false
@@ -28,3 +28,7 @@ Metrics/BlockLength:
 Layout/LineLength:
   Exclude:
     - 'tttls1.3.gemspec'
+
+# https://github.com/rubocop/rubocop/issues/10258
+Layout/BlockAlignment:
+  Enabled: false

data/.ruby-version

@@ -0,0 +1 @@
+3.1.2

data/Gemfile

@@ -6,10 +6,12 @@ gem 'logger'
 gem 'openssl'
 gem 'rake'
 
-group :test do
+group :development do
   gem 'byebug'
+  gem 'http_parser.rb'
   gem 'rspec', '3.9.0'
   gem 'rubocop', '0.78.0'
+  gem 'webrick'
 end
 
 gemspec

data/README.md

@@ -2,7 +2,7 @@
 
 [![Gem Version](https://badge.fury.io/rb/tttls1.3.svg)](https://badge.fury.io/rb/tttls1.3)
 [![Actions Status](https://github.com/thekuwayama/tttls1.3/workflows/CI/badge.svg)](https://github.com/thekuwayama/tttls1.3/actions?workflow=CI)
-[![Maintainability](https://api.codeclimate.com/v1/badges/47f3c267d9cfd2c8e388/maintainability)](https://codeclimate.com/github/thekuwayama/tttls1.3/maintainability)
+[![Maintainability](https://api.codeclimate.com/v1/badges/b5ae1b3a43828142d2fa/maintainability)](https://codeclimate.com/github/thekuwayama/tttls1.3/maintainability)
 
 tttls1.3 is Ruby implementation of [TLS 1.3](https://tools.ietf.org/html/rfc8446) protocol.
 
@@ -74,7 +74,7 @@ server.write(YOUR_MESSAGE)
 server.close
 ```
 
-[Here](https://github.com/thekuwayama/tttls1.3/tree/master/example) are some examples of HTTPS.
+[Here](https://github.com/thekuwayama/tttls1.3/tree/main/example) are some examples of HTTPS.
 
 
 ## Settings
@@ -102,7 +102,9 @@ tttls1.3 client is configurable using keyword arguments.
 | `:record_size_limit` | Integer | nil | The record\_size\_limit offerd in ClientHello extensions. If not needed to be present, set nil. |
 | `:check_certificate_status` | Boolean | false | If needed to check certificate status, set true. |
 | `:process_certificate_status` | Proc | `TTTLS13::Client.method(:softfail_check_certificate_status)` | Proc(or Method) that checks received OCSPResponse. Its 3 arguments are OpenSSL::OCSP::Response, end-entity certificate(OpenSSL::X509::Certificate) and certificates chain(Array of Certificate) used for verification and it returns Boolean. |
+| `:compress_certificate_algorithms` | Array of TTTLS13::Message::Extension::CertificateCompressionAlgorithm constant | `ZLIB` | The compression algorithms are supported for compressing the Certificate message. |
 | `:compatibility_mode` | Boolean | true | If needed to send ChangeCipherSpec, set true. |
+| `:sslkeylogfile` | String | nil | If needed to log SSLKEYLOGFILE, set the file path. |
 | `:loglevel` | Logger constant | Logger::WARN | If needed to print verbose, set Logger::DEBUG. |
 
 
@@ -120,7 +122,9 @@ tttls1.3 server is configurable using keyword arguments.
 | `:supported_groups` | Array of TTTLS13::NamedGroup constant | `SECP256R1`, `SECP384R1`, `SECP521R1` | List of supported named groups. |
 | `:alpn` | Array of String | nil | List of supported application protocols. If not needed to check this extension, set nil. |
 | `:process_ocsp_response` | Proc | nil | Proc that gets OpenSSL::OCSP::Response. If not needed to staple OCSP::Response, set nil. |
+| `:compress_certificate_algorithms` | Array of TTTLS13::Message::Extension::CertificateCompressionAlgorithm constant | `ZLIB` | The compression algorithms are supported for compressing the Certificate message. |
 | `:compatibility_mode` | Boolean | true | If needed to send ChangeCipherSpec, set true. |
+| `:sslkeylogfile` | String | nil | If needed to log SSLKEYLOGFILE, set the file path. |
 | `:loglevel` | Logger constant | Logger::WARN | If needed to print verbose, set Logger::DEBUG. |
 
 

data/example/https_client.rb

@@ -10,7 +10,8 @@ req = simple_http_request(hostname)
 socket = TCPSocket.new(hostname, port)
 settings = {
   ca_file: File.exist?(ca_file) ? ca_file : nil,
-  alpn: ['http/1.1']
+  alpn: ['http/1.1'],
+  sslkeylogfile: '/tmp/sslkeylogfile.log'
 }
 client = TTTLS13::Client.new(socket, hostname, **settings)
 client.connect

data/example/https_server.rb

@@ -12,7 +12,8 @@ settings = {
   crt_file: __dir__ + '/../tmp/server.crt',
   chain_files: [__dir__ + '/../tmp/intermediate.crt'],
   key_file: __dir__ + '/../tmp/server.key',
-  alpn: ['http/1.1']
+  alpn: ['http/1.1'],
+  sslkeylogfile: '/tmp/sslkeylogfile.log'
 }
 
 q = Queue.new
@@ -49,7 +50,7 @@ Etc.nprocessors.times do
     rescue Timeout::Error
       logger.warn 'Timeout'
     ensure
-      s.close
+      s&.close
     end
   end
 end

data/lib/tttls1.3/client.rb

@@ -43,6 +43,11 @@ module TTTLS13
   ].freeze
   private_constant :DEFAULT_CH_NAMED_GROUP_LIST
 
+  DEFALUT_CH_COMPRESS_CERTIFICATE_ALGORITHMS = [
+    Message::Extension::CertificateCompressionAlgorithm::ZLIB
+  ].freeze
+  private_constant :DEFALUT_CH_COMPRESS_CERTIFICATE_ALGORITHMS
+
   DEFAULT_CLIENT_SETTINGS = {
     ca_file: nil,
     cipher_suites: DEFAULT_CH_CIPHER_SUITES,
@@ -61,7 +66,9 @@ module TTTLS13
     record_size_limit: nil,
     check_certificate_status: false,
     process_certificate_status: nil,
+    compress_certificate_algorithms: DEFALUT_CH_COMPRESS_CERTIFICATE_ALGORITHMS,
     compatibility_mode: true,
+    sslkeylogfile: nil,
     loglevel: Logger::WARN
   }.freeze
   private_constant :DEFAULT_CLIENT_SETTINGS
@@ -145,6 +152,15 @@ module TTTLS13
       hs_wcipher = nil # TTTLS13::Cryptograph::$Object
       hs_rcipher = nil # TTTLS13::Cryptograph::$Object
       e_wcipher = nil # TTTLS13::Cryptograph::$Object
+      sslkeylogfile = nil # TTTLS13::SslKeyLogFile::Writer
+      unless @settings[:sslkeylogfile].nil?
+        begin
+          sslkeylogfile = SslKeyLogFile::Writer.new(@settings[:sslkeylogfile])
+        rescue SystemCallError => e
+          msg = "\"#{@settings[:sslkeylogfile]}\" file can NOT open: #{e}"
+          logger.warn(msg)
+        end
+      end
 
       @state = ClientState::START
       loop do
@@ -154,8 +170,8 @@ module TTTLS13
 
           extensions, priv_keys = gen_ch_extensions
           binder_key = (use_psk? ? key_schedule.binder_key_res : nil)
-          transcript[CH] = send_client_hello(extensions, binder_key)
-
+          ch = send_client_hello(extensions, binder_key)
+          transcript[CH] = [ch, ch.serialize]
           send_ccs if @settings[:compatibility_mode]
           if use_early_data?
             e_wcipher = gen_cipher(
@@ -163,6 +179,10 @@ module TTTLS13
               key_schedule.early_data_write_key,
               key_schedule.early_data_write_iv
             )
+            sslkeylogfile&.write_client_early_traffic_secret(
+              transcript[CH].first.random,
+              key_schedule.client_early_traffic_secret
+            )
             send_early_data(e_wcipher)
           end
 
@@ -170,7 +190,7 @@ module TTTLS13
         when ClientState::WAIT_SH
           logger.debug('ClientState::WAIT_SH')
 
-          sh = transcript[SH] = recv_server_hello
+          sh, = transcript[SH] = recv_server_hello
 
           # downgrade protection
           if !sh.negotiated_tls_1_3? && sh.downgraded?
@@ -187,7 +207,7 @@ module TTTLS13
             unless sh.legacy_compression_method == "\x00"
 
           # validate sh using ch
-          ch = transcript[CH]
+          ch, = transcript[CH]
           terminate(:illegal_parameter) \
             unless sh.legacy_version == ch.legacy_version
           terminate(:illegal_parameter) \
@@ -199,7 +219,7 @@ module TTTLS13
 
           # validate sh using hrr
           if transcript.include?(HRR)
-            hrr = transcript[HRR]
+            hrr, = transcript[HRR]
             terminate(:illegal_parameter) \
               unless sh.cipher_suite == hrr.cipher_suite
 
@@ -212,8 +232,9 @@ module TTTLS13
           # handling HRR
           if sh.hrr?
             terminate(:unexpected_message) if transcript.include?(HRR)
-            ch1 = transcript[CH1] = transcript.delete(CH)
-            hrr = transcript[HRR] = transcript.delete(SH)
+
+            ch1, = transcript[CH1] = transcript.delete(CH)
+            hrr, = transcript[HRR] = transcript.delete(SH)
 
             # validate cookie
             diff_sets = sh.extensions.keys - ch1.extensions.keys
@@ -235,8 +256,9 @@ module TTTLS13
             extensions, pk = gen_newch_extensions(ch1, hrr)
             priv_keys = pk.merge(priv_keys)
             binder_key = (use_psk? ? key_schedule.binder_key_res : nil)
-            transcript[CH] = send_new_client_hello(ch1, hrr, extensions,
-                                                   binder_key)
+            ch = send_new_client_hello(ch1, hrr, extensions, binder_key)
+            transcript[CH] = [ch, ch.serialize]
+
             @state = ClientState::WAIT_SH
             next
           end
@@ -268,46 +290,63 @@ module TTTLS13
             key_schedule.client_handshake_write_key,
             key_schedule.client_handshake_write_iv
           )
+          sslkeylogfile&.write_client_handshake_traffic_secret(
+            transcript[CH].first.random,
+            key_schedule.client_handshake_traffic_secret
+          )
           hs_rcipher = gen_cipher(
             @cipher_suite,
             key_schedule.server_handshake_write_key,
             key_schedule.server_handshake_write_iv
           )
+          sslkeylogfile&.write_server_handshake_traffic_secret(
+            transcript[CH].first.random,
+            key_schedule.server_handshake_traffic_secret
+          )
           @state = ClientState::WAIT_EE
         when ClientState::WAIT_EE
           logger.debug('ClientState::WAIT_EE')
 
-          ee = transcript[EE] = recv_encrypted_extensions(hs_rcipher)
+          ee, = transcript[EE] = recv_encrypted_extensions(hs_rcipher)
           terminate(:illegal_parameter) unless ee.appearable_extensions?
 
-          ch = transcript[CH]
+          ch, = transcript[CH]
           terminate(:unsupported_extension) \
             unless (ee.extensions.keys - ch.extensions.keys).empty?
 
           rsl = ee.extensions[Message::ExtensionType::RECORD_SIZE_LIMIT]
           @recv_record_size = rsl.record_size_limit unless rsl.nil?
-
           @succeed_early_data = true \
             if ee.extensions.include?(Message::ExtensionType::EARLY_DATA)
-
           @alpn = ee.extensions[
             Message::ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION
           ]&.protocol_name_list&.first
-
           @state = ClientState::WAIT_CERT_CR
           @state = ClientState::WAIT_FINISHED unless psk.nil?
         when ClientState::WAIT_CERT_CR
           logger.debug('ClientState::WAIT_CERT_CR')
 
-          message = recv_message(receivable_ccs: true, cipher: hs_rcipher)
-          if message.msg_type == Message::HandshakeType::CERTIFICATE
-            ct = transcript[CT] = message
-            alert = check_invalid_certificate(ct, transcript[CH])
+          message, orig_msg = recv_message(
+            receivable_ccs: true,
+            cipher: hs_rcipher
+          )
+          case message.msg_type
+          when Message::HandshakeType::CERTIFICATE,
+               Message::HandshakeType::COMPRESSED_CERTIFICATE
+            ct, = transcript[CT] = [message, orig_msg]
+            terminate(:bad_certificate) \
+              if ct.is_a?(Message::CompressedCertificate) &&
+                 !@settings[:compress_certificate_algorithms]
+                 .include?(ct.algorithm)
+
+            ct = ct.certificate_message \
+              if ct.is_a?(Message::CompressedCertificate)
+            alert = check_invalid_certificate(ct, transcript[CH].first)
             terminate(alert) unless alert.nil?
 
             @state = ClientState::WAIT_CV
-          elsif message.msg_type == Message::HandshakeType::CERTIFICATE_REQUEST
-            transcript[CR] = message
+          when Message::HandshakeType::CERTIFICATE_REQUEST
+            transcript[CR] = [message, orig_msg]
             # TODO: client authentication
             @state = ClientState::WAIT_CERT
           else
@@ -316,56 +355,74 @@ module TTTLS13
         when ClientState::WAIT_CERT
           logger.debug('ClientState::WAIT_CERT')
 
-          ct = transcript[CT] = recv_certificate(hs_rcipher)
-          alert = check_invalid_certificate(ct, transcript[CH])
+          ct, = transcript[CT] = recv_certificate(hs_rcipher)
+          if ct.is_a?(Message::CompressedCertificate) &&
+             !@settings[:compress_certificate_algorithms].include?(ct.algorithm)
+            terminate(:bad_certificate)
+          elsif ct.is_a?(Message::CompressedCertificate)
+            ct = ct.certificate_message
+          end
+
+          alert = check_invalid_certificate(ct, transcript[CH].first)
           terminate(alert) unless alert.nil?
 
           @state = ClientState::WAIT_CV
         when ClientState::WAIT_CV
           logger.debug('ClientState::WAIT_CV')
 
-          cv = transcript[CV] = recv_certificate_verify(hs_rcipher)
+          cv, = transcript[CV] = recv_certificate_verify(hs_rcipher)
           digest = CipherSuite.digest(@cipher_suite)
           hash = transcript.hash(digest, CT)
+          ct, = transcript[CT]
+          ct = ct.certificate_message \
+            if ct.is_a?(Message::CompressedCertificate)
           terminate(:decrypt_error) \
-            unless verified_certificate_verify?(transcript[CT], cv, hash)
+            unless verified_certificate_verify?(ct, cv, hash)
 
           @signature_scheme = cv.signature_scheme
-
           @state = ClientState::WAIT_FINISHED
         when ClientState::WAIT_FINISHED
           logger.debug('ClientState::WAIT_FINISHED')
 
-          sf = transcript[SF] = recv_finished(hs_rcipher)
+          sf, = transcript[SF] = recv_finished(hs_rcipher)
           digest = CipherSuite.digest(@cipher_suite)
-          verified = verified_finished?(
+          terminate(:decrypt_error) unless verified_finished?(
             finished: sf,
             digest: digest,
             finished_key: key_schedule.server_finished_key,
             hash: transcript.hash(digest, CV)
           )
-          terminate(:decrypt_error) unless verified
-
-          transcript[EOED] = send_eoed(e_wcipher) \
-            if use_early_data? && succeed_early_data?
 
+          if use_early_data? && succeed_early_data?
+            eoed = send_eoed(e_wcipher)
+            transcript[EOED] = [eoed, eoed.serialize]
+          end
           # TODO: Send Certificate [+ CertificateVerify]
           signature = sign_finished(
             digest: digest,
             finished_key: key_schedule.client_finished_key,
             hash: transcript.hash(digest, EOED)
           )
-          transcript[CF] = send_finished(signature, hs_wcipher)
+          cf = send_finished(signature, hs_wcipher)
+          transcript[CF] = [cf, cf.serialize]
           @alert_wcipher = @ap_wcipher = gen_cipher(
             @cipher_suite,
             key_schedule.client_application_write_key,
             key_schedule.client_application_write_iv
           )
+          sslkeylogfile&.write_client_traffic_secret_0(
+            transcript[CH].first.random,
+            key_schedule.client_application_traffic_secret
+          )
           @ap_rcipher = gen_cipher(
             @cipher_suite,
             key_schedule.server_application_write_key,
             key_schedule.server_application_write_iv
           )
+          sslkeylogfile&.write_server_traffic_secret_0(
+            transcript[CH].first.random,
+            key_schedule.server_application_traffic_secret
+          )
           @exporter_master_secret = key_schedule.exporter_master_secret
           @resumption_master_secret = key_schedule.resumption_master_secret
           @state = ClientState::CONNECTED
@@ -375,6 +432,7 @@ module TTTLS13
           break
         end
       end
+      sslkeylogfile&.close
     end
     # rubocop: enable Metrics/AbcSize
     # rubocop: enable Metrics/BlockLength
@@ -578,6 +636,14 @@ module TTTLS13
       exs << Message::Extension::OCSPStatusRequest.new \
         if @settings[:check_certificate_status]
 
+      # compress_certificate
+      if !@settings[:compress_certificate_algorithms].nil? &&
+         !@settings[:compress_certificate_algorithms].empty?
+        exs << Message::Extension::CompressCertificate.new(
+          @settings[:compress_certificate_algorithms]
+        )
+      end
+
       [exs, priv_keys]
     end
     # rubocop: enable Metrics/AbcSize
@@ -735,11 +801,15 @@ module TTTLS13
     # @raise [TTTLS13::Error::ErrorAlerts]
     #
     # @return [TTTLS13::Message::ServerHello]
+    # @return [String]
     def recv_server_hello
-      sh = recv_message(receivable_ccs: true, cipher: Cryptograph::Passer.new)
+      sh, orig_msg = recv_message(
+        receivable_ccs: true,
+        cipher: Cryptograph::Passer.new
+      )
       terminate(:unexpected_message) unless sh.is_a?(Message::ServerHello)
 
-      sh
+      [sh, orig_msg]
     end
 
     # @param cipher [TTTLS13::Cryptograph::Aead]
@@ -747,12 +817,13 @@ module TTTLS13
     # @raise [TTTLS13::Error::ErrorAlerts]
     #
     # @return [TTTLS13::Message::EncryptedExtensions]
+    # @return [String]
     def recv_encrypted_extensions(cipher)
-      ee = recv_message(receivable_ccs: true, cipher: cipher)
+      ee, orig_msg = recv_message(receivable_ccs: true, cipher: cipher)
       terminate(:unexpected_message) \
         unless ee.is_a?(Message::EncryptedExtensions)
 
-      ee
+      [ee, orig_msg]
     end
 
     # @param cipher [TTTLS13::Cryptograph::Aead]
@@ -760,11 +831,12 @@ module TTTLS13
     # @raise [TTTLS13::Error::ErrorAlerts]
     #
     # @return [TTTLS13::Message::Certificate]
+    # @return [String]
     def recv_certificate(cipher)
-      ct = recv_message(receivable_ccs: true, cipher: cipher)
+      ct, orig_msg = recv_message(receivable_ccs: true, cipher: cipher)
       terminate(:unexpected_message) unless ct.is_a?(Message::Certificate)
 
-      ct
+      [ct, orig_msg]
     end
 
     # @param cipher [TTTLS13::Cryptograph::Aead]
@@ -772,11 +844,12 @@ module TTTLS13
     # @raise [TTTLS13::Error::ErrorAlerts]
     #
     # @return [TTTLS13::Message::CertificateVerify]
+    # @return [String]
     def recv_certificate_verify(cipher)
-      cv = recv_message(receivable_ccs: true, cipher: cipher)
+      cv, orig_msg = recv_message(receivable_ccs: true, cipher: cipher)
       terminate(:unexpected_message) unless cv.is_a?(Message::CertificateVerify)
 
-      cv
+      [cv, orig_msg]
     end
 
     # @param cipher [TTTLS13::Cryptograph::Aead]
@@ -784,11 +857,12 @@ module TTTLS13
     # @raise [TTTLS13::Error::ErrorAlerts]
     #
     # @return [TTTLS13::Message::Finished]
+    # @return [String]
     def recv_finished(cipher)
-      sf = recv_message(receivable_ccs: true, cipher: cipher)
+      sf, orig_msg = recv_message(receivable_ccs: true, cipher: cipher)
       terminate(:unexpected_message) unless sf.is_a?(Message::Finished)
 
-      sf
+      [sf, orig_msg]
     end
 
     # @param cipher [TTTLS13::Cryptograph::Aead]

data/lib/tttls1.3/connection.rb

@@ -16,7 +16,7 @@ module TTTLS13
       @ap_wcipher = Cryptograph::Passer.new
       @ap_rcipher = Cryptograph::Passer.new
       @alert_wcipher = Cryptograph::Passer.new
-      @message_queue = [] # Array of TTTLS13::Message::$Object
+      @message_queue = [] # Array of [TTTLS13::Message::$Object, String]
       @binary_buffer = '' # deposit Record.surplus_binary
       @cipher_suite = nil # TTTLS13::CipherSuite
       @named_group = nil # TTTLS13::NamedGroup
@@ -42,7 +42,7 @@ module TTTLS13
 
       message = nil
       loop do
-        message = recv_message(receivable_ccs: false, cipher: @ap_rcipher)
+        message, = recv_message(receivable_ccs: false, cipher: @ap_rcipher)
         # At any time after the server has received the client Finished
         # message, it MAY send a NewSessionTicket message.
         break unless message.is_a?(Message::NewSessionTicket)
@@ -220,13 +220,15 @@ module TTTLS13
     # @raise [TTTLS13::Error::ErrorAlerts
     #
     # @return [TTTLS13::Message::$Object]
+    # @return [String]
     # rubocop: disable Metrics/CyclomaticComplexity
     def recv_message(receivable_ccs:, cipher:)
       return @message_queue.shift unless @message_queue.empty?
 
       messages = nil
+      orig_msgs = []
       loop do
-        record = recv_record(cipher)
+        record, orig_msgs = recv_record(cipher)
         case record.type
         when Message::ContentType::HANDSHAKE,
              Message::ContentType::APPLICATION_DATA
@@ -243,20 +245,22 @@ module TTTLS13
         end
       end
 
-      @message_queue += messages[1..]
+      @message_queue += messages[1..].zip(orig_msgs[1..])
       message = messages.first
+      orig_msg = orig_msgs.first
       if message.is_a?(Message::Alert)
         handle_received_alert(message)
         return nil
       end
 
-      message
+      [message, orig_msg]
     end
     # rubocop: enable Metrics/CyclomaticComplexity
 
     # @param cipher [TTTLS13::Cryptograph::Aead, Passer]
     #
     # @return [TTTLS13::Message::Record]
+    # @return [Array of String]
     def recv_record(cipher)
       binary = @socket.read(5)
       record_len = Convert.bin2i(binary.slice(3, 2))
@@ -264,9 +268,13 @@ module TTTLS13
 
       begin
         buffer = @binary_buffer
-        record = Message::Record.deserialize(binary, cipher, buffer,
-                                             @recv_record_size)
-        @binary_buffer = record.surplus_binary
+        record, orig_msgs, surplus_binary = Message::Record.deserialize(
+          binary,
+          cipher,
+          buffer,
+          @recv_record_size
+        )
+        @binary_buffer = surplus_binary
       rescue Error::ErrorAlerts => e
         terminate(e.message.to_sym)
       end
@@ -278,7 +286,7 @@ module TTTLS13
       end
 
       logger.debug("receive \n" + record.pretty_inspect)
-      record
+      [record, orig_msgs]
     end
 
     # @param ch1 [TTTLS13::Message::ClientHello]
@@ -292,11 +300,9 @@ module TTTLS13
       # TODO: ext binder
       hash_len = OpenSSL::Digest.new(digest).digest_length
       tt = Transcript.new
-      tt.merge!(
-        CH1 => ch1,
-        HRR => hrr,
-        CH => ch
-      )
+      tt[CH1] = [ch1, ch1.serialize] unless ch1.nil?
+      tt[HRR] = [hrr, hrr.serialize] unless hrr.nil?
+      tt[CH] = [ch, ch.serialize]
       # transcript-hash (CH1 + HRR +) truncated-CH
       hash = tt.truncate_hash(digest, CH, hash_len + 3)
       OpenSSL::HMAC.digest(digest, binder_key, hash)
@@ -500,11 +506,10 @@ module TTTLS13
       return false if san.nil?
 
       ostr = OpenSSL::ASN1.decode(san.to_der).value.last
-      matching = OpenSSL::ASN1.decode(ostr.value).map(&:value)
-                              .map { |s| s.gsub('.', '\.').gsub('*', '.*') }
-                              .any? { |s| name.match(/#{s}/) }
-
-      matching
+      OpenSSL::ASN1.decode(ostr.value)
+                   .map(&:value)
+                   .map { |s| s.gsub('.', '\.').gsub('*', '.*') }
+                   .any? { |s| name.match(/#{s}/) }
     end
 
     # @param signature_algorithms [Array of SignatureAlgorithms]

data/lib/tttls1.3/message/client_hello.rb

@@ -18,6 +18,7 @@ module TTTLS13
       ExtensionType::CLIENT_CERTIFICATE_TYPE,
       ExtensionType::SERVER_CERTIFICATE_TYPE,
       ExtensionType::PADDING,
+      ExtensionType::COMPRESS_CERTIFICATE,
       ExtensionType::RECORD_SIZE_LIMIT,
       ExtensionType::PWD_PROTECT,
       ExtensionType::PWD_CLEAR,