tttls1.3 0.3.0 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fd89bebc90f5379d37e4fd3d1397168b6df9fcbfe5d1ad05f3ae852ba7d071d1
-  data.tar.gz: 45372c096b46a5c37c9e05d22dfad8d53e24278d5d195b1b7305aa86b49bdfe9
+  metadata.gz: fbb7e4290064777d30371999409395c0f2db398d1ee7a67eaaf5fa500de27954
+  data.tar.gz: 3a00195088a78054fd4abdbf77e11fff3898f23b539d90e3ce141a0ef045f227
 SHA512:
-  metadata.gz: 6b79f03e7eff3d7f2e47e0ca715ee9559c8c2a04f3f6c4869b4c8b915905f8934bb6cf4dd776ae74bdc3e7d9c97dd3a8ee77e46298073bdffd70fc936a954421
-  data.tar.gz: c43d3629de31d6ebd8f86d0c7a700d85a9f6e53be351eb13062c7ad0af9d1b8acc1c685f95a48e7d320b22ad1cd83979c4de3b57f07245060d6cc0dacdcca482
+  metadata.gz: 3186fcebd41a40b21c5a4d1de53d13af3ea57dd4d0f3e6baff476882223cc370cb610d9c13cc4df43c3b5b13dd10063b702f39636dd447e9386062de7c566bbc
+  data.tar.gz: 4c8f6a076e042b1c9059dea5b9598d5bd5d80640b2b72cc859a76d2e020edc047b8309c7821ca849b445c51c41fbcac600363c34881074b28996774d05cc8ffb

data/.github/workflows/ci.yml

@@ -13,14 +13,14 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby-version: ['2.7.x', '3.0.x', '3.1.x']
+        ruby-version: ['3.1', '3.2', '3.3']
     steps:
       - uses: actions/checkout@v3
       - uses: docker://thekuwayama/openssl:latest
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: ${{ matrix.ruby }}
+          ruby-version: ${{ matrix.ruby-version }}
       - name: Install dependencies
         run: |
           gem --version

data/.rubocop.yml

@@ -1,6 +1,9 @@
 AllCops:
   TargetRubyVersion: 2.7
 
+Gemspec/RequiredRubyVersion:
+  Enabled: false
+
 Style/ConditionalAssignment:
   Enabled: false
 

data/.ruby-version

@@ -1 +1 @@
-3.1.2
+3.2.2

data/README.md

@@ -104,8 +104,8 @@ tttls1.3 client is configurable using keyword arguments.
 | `:check_certificate_status` | Boolean | false | If needed to check certificate status, set true. |
 | `:process_certificate_status` | Proc | `TTTLS13::Client.method(:softfail_check_certificate_status)` | Proc(or Method) that checks received OCSPResponse. Its 3 arguments are OpenSSL::OCSP::Response, end-entity certificate(OpenSSL::X509::Certificate) and certificates chain(Array of Certificate) used for verification and it returns Boolean. |
 | `:compress_certificate_algorithms` | Array of TTTLS13::Message::Extension::CertificateCompressionAlgorithm constant | `ZLIB` | The compression algorithms are supported for compressing the Certificate message. |
-| `:ech_config` | ECHConfig | nil | ECHConfig to use ECH. If needed to use ECH, set TTTLS13::STANDARD\_CLIENT\_ECH_HPKE\_SYMMETRIC\_CIPHER\_SUITES, for example. See [ech_config](https://github.com/thekuwayama/ech_config). |
-| `:ech_hpke_cipher_suites` | Array of ECHConfig::ECHConfigContents::HpkeKeyConfig::HpkeSymmetricCipherSuite | nil | If needed to use ECH, set client preference HPKE cipher suites. |
+| `:ech_config` | ECHConfig | nil | ECHConfig to use ECH. See [ech_config](https://github.com/thekuwayama/ech_config). |
+| `:ech_hpke_cipher_suites` | Array of ECHConfig::ECHConfigContents::HpkeKeyConfig::HpkeSymmetricCipherSuite | nil | If needed to use ECH, set client preference HPKE cipher suites. For example, you can set TTTLS13::STANDARD\_CLIENT\_ECH_HPKE\_SYMMETRIC\_CIPHER\_SUITES. |
 | `:compatibility_mode` | Boolean | true | If needed to send ChangeCipherSpec, set true. |
 | `:sslkeylogfile` | String | nil | If needed to log SSLKEYLOGFILE, set the file path. |
 | `:loglevel` | Logger constant | Logger::WARN | If needed to print verbose, set Logger::DEBUG. |

data/example/README.md

@@ -13,7 +13,7 @@ The examples run as follows:
 ```bash
 $ ruby https_client.rb
 
-$ ruby https_client.rb localhost:4433
+$ ruby https_client.rb https://localhost:4433
 ```
 
 Note that `https_server.rb` requires PEM files of certificate and private key.

data/example/helper.rb

@@ -4,6 +4,7 @@ $LOAD_PATH << __dir__ + '/../lib'
 
 require 'socket'
 require 'time'
+require 'uri'
 require 'webrick'
 
 require 'http/parser'

data/example/https_client.rb

@@ -3,17 +3,17 @@
 
 require_relative 'helper'
 
-hostname, port = (ARGV[0] || 'localhost:4433').split(':')
+uri = URI.parse(ARGV[0] || 'https://localhost:4433')
 ca_file = __dir__ + '/../tmp/ca.crt'
-req = simple_http_request(hostname)
+req = simple_http_request(uri.host, uri.path)
 
-socket = TCPSocket.new(hostname, port)
+socket = TCPSocket.new(uri.host, uri.port)
 settings = {
   ca_file: File.exist?(ca_file) ? ca_file : nil,
   alpn: ['http/1.1'],
   sslkeylogfile: '/tmp/sslkeylogfile.log'
 }
-client = TTTLS13::Client.new(socket, hostname, **settings)
+client = TTTLS13::Client.new(socket, uri.host, **settings)
 client.connect
 client.write(req)
 

data/example/https_client_using_0rtt.rb

@@ -3,9 +3,9 @@
 
 require_relative 'helper'
 
-hostname, port = (ARGV[0] || 'localhost:4433').split(':')
+uri = URI.parse(ARGV[0] || 'https://localhost:4433')
 ca_file = __dir__ + '/../tmp/ca.crt'
-req = simple_http_request(hostname)
+req = simple_http_request(uri.host, uri.path)
 
 settings_2nd = {
   ca_file: File.exist?(ca_file) ? ca_file : nil,
@@ -35,14 +35,15 @@ succeed_early_data = false
   # Subsequent Handshake:
   settings_2nd
 ].each_with_index do |settings, i|
-  socket = TCPSocket.new(hostname, port)
-  client = TTTLS13::Client.new(socket, hostname, **settings)
+  socket = TCPSocket.new(uri.host, uri.port)
+  client = TTTLS13::Client.new(socket, uri.host, **settings)
 
   # send message using early data; 0-RTT
   client.early_data(req) if i == 1 && settings.include?(:ticket)
   client.connect
   # send message after Simple 1-RTT Handshake
   client.write(req) if i.zero? || !client.succeed_early_data?
+
   print recv_http_response(client)
   client.close unless client.eof?
   socket.close

data/example/https_client_using_ech.rb

@@ -5,16 +5,15 @@ require_relative 'helper'
 HpkeSymmetricCipherSuite = \
   ECHConfig::ECHConfigContents::HpkeKeyConfig::HpkeSymmetricCipherSuite
 
-hostname = 'crypto.cloudflare.com'
-port = 443
+uri = URI.parse(ARGV[0] || 'https://localhost:4433')
 ca_file = __dir__ + '/../tmp/ca.crt'
-req = simple_http_request(hostname, '/cdn-cgi/trace')
+req = simple_http_request(uri.host, uri.path)
 
 rr = Resolv::DNS.new.getresources(
-  hostname,
+  uri.host,
   Resolv::DNS::Resource::IN::HTTPS
 )
-socket = TCPSocket.new(hostname, port)
+socket = TCPSocket.new(uri.host, uri.port)
 settings = {
   ca_file: File.exist?(ca_file) ? ca_file : nil,
   alpn: ['http/1.1'],
@@ -23,7 +22,7 @@ settings = {
     TTTLS13::STANDARD_CLIENT_ECH_HPKE_SYMMETRIC_CIPHER_SUITES,
   sslkeylogfile: '/tmp/sslkeylogfile.log'
 }
-client = TTTLS13::Client.new(socket, hostname, **settings)
+client = TTTLS13::Client.new(socket, uri.host, **settings)
 client.connect
 client.write(req)
 

data/example/https_client_using_grease_ech.rb

@@ -5,11 +5,10 @@ require_relative 'helper'
 HpkeSymmetricCipherSuite = \
   ECHConfig::ECHConfigContents::HpkeKeyConfig::HpkeSymmetricCipherSuite
 
-hostname = 'crypto.cloudflare.com'
-port = 443
+uri = URI.parse(ARGV[0] || 'https://localhost:4433')
 ca_file = __dir__ + '/../tmp/ca.crt'
 
-socket = TCPSocket.new(hostname, port)
+socket = TCPSocket.new(uri.host, uri.port)
 settings = {
   ca_file: File.exist?(ca_file) ? ca_file : nil,
   alpn: ['http/1.1'],
@@ -17,10 +16,9 @@ settings = {
     TTTLS13::STANDARD_CLIENT_ECH_HPKE_SYMMETRIC_CIPHER_SUITES,
   sslkeylogfile: '/tmp/sslkeylogfile.log'
 }
-client = TTTLS13::Client.new(socket, hostname, **settings)
+client = TTTLS13::Client.new(socket, uri.host, **settings)
 client.connect
 
 print client.retry_configs if client.rejected_ech?
-
 client.close unless client.eof?
 socket.close

data/example/https_client_using_grease_psk.rb

@@ -5,13 +5,12 @@ require_relative 'helper'
 HpkeSymmetricCipherSuite = \
   ECHConfig::ECHConfigContents::HpkeKeyConfig::HpkeSymmetricCipherSuite
 
-hostname = 'crypto.cloudflare.com'
-port = 443
+uri = URI.parse(ARGV[0] || 'https://localhost:4433')
 ca_file = __dir__ + '/../tmp/ca.crt'
-req = simple_http_request(hostname, '/cdn-cgi/trace')
+req = simple_http_request(uri.host, uri.path)
 
 rr = Resolv::DNS.new.getresources(
-  hostname,
+  uri.host,
   Resolv::DNS::Resource::IN::HTTPS
 )
 settings_2nd = {
@@ -37,16 +36,8 @@ settings_1st = {
   alpn: ['http/1.1'],
   process_new_session_ticket: process_new_session_ticket,
   ech_config: rr.first.svc_params['ech'].echconfiglist.first,
-  ech_hpke_cipher_suites: [
-    HpkeSymmetricCipherSuite.new(
-      HpkeSymmetricCipherSuite::HpkeKdfId.new(
-        TTTLS13::Hpke::KdfId::HKDF_SHA256
-      ),
-      HpkeSymmetricCipherSuite::HpkeAeadId.new(
-        TTTLS13::Hpke::AeadId::AES_128_GCM
-      )
-    )
-  ],
+  ech_hpke_cipher_suites:
+    TTTLS13::STANDARD_CLIENT_ECH_HPKE_SYMMETRIC_CIPHER_SUITES,
   sslkeylogfile: '/tmp/sslkeylogfile.log'
 }
 
@@ -56,10 +47,11 @@ settings_1st = {
   # Subsequent Handshake:
   settings_2nd
 ].each do |settings|
-  socket = TCPSocket.new(hostname, port)
-  client = TTTLS13::Client.new(socket, hostname, **settings)
+  socket = TCPSocket.new(uri.host, uri.port)
+  client = TTTLS13::Client.new(socket, uri.host, **settings)
   client.connect
   client.write(req)
+
   print recv_http_response(client)
   client.close unless client.eof?
   socket.close

data/example/https_client_using_hrr.rb

@@ -3,19 +3,20 @@
 
 require_relative 'helper'
 
-hostname, port = (ARGV[0] || 'localhost:4433').split(':')
+uri = URI.parse(ARGV[0] || 'https://localhost:4433')
 ca_file = __dir__ + '/../tmp/ca.crt'
-req = simple_http_request(hostname)
+req = simple_http_request(uri.host, uri.path)
 
-socket = TCPSocket.new(hostname, port)
+socket = TCPSocket.new(uri.host, uri.port)
 settings = {
   ca_file: File.exist?(ca_file) ? ca_file : nil,
   key_share_groups: [], # empty KeyShareClientHello.client_shares
   alpn: ['http/1.1']
 }
-client = TTTLS13::Client.new(socket, hostname, **settings)
+client = TTTLS13::Client.new(socket, uri.host, **settings)
 client.connect
 client.write(req)
+
 print recv_http_response(client)
 client.close unless client.eof?
 socket.close

data/example/https_client_using_hrr_and_ech.rb

@@ -5,16 +5,15 @@ require_relative 'helper'
 HpkeSymmetricCipherSuite = \
   ECHConfig::ECHConfigContents::HpkeKeyConfig::HpkeSymmetricCipherSuite
 
-hostname = 'crypto.cloudflare.com'
-port = 443
+uri = URI.parse(ARGV[0] || 'https://localhost:4433')
 ca_file = __dir__ + '/../tmp/ca.crt'
-req = simple_http_request(hostname, '/cdn-cgi/trace')
+req = simple_http_request(uri.host, uri.path)
 
 rr = Resolv::DNS.new.getresources(
-  hostname,
+  uri.host,
   Resolv::DNS::Resource::IN::HTTPS
 )
-socket = TCPSocket.new(hostname, port)
+socket = TCPSocket.new(uri.host, uri.port)
 settings = {
   ca_file: File.exist?(ca_file) ? ca_file : nil,
   key_share_groups: [], # empty KeyShareClientHello.client_shares
@@ -24,9 +23,10 @@ settings = {
     TTTLS13::STANDARD_CLIENT_ECH_HPKE_SYMMETRIC_CIPHER_SUITES,
   sslkeylogfile: '/tmp/sslkeylogfile.log'
 }
-client = TTTLS13::Client.new(socket, hostname, **settings)
+client = TTTLS13::Client.new(socket, uri.host, **settings)
 client.connect
 client.write(req)
+
 print recv_http_response(client)
 client.close unless client.eof?
 socket.close

data/example/https_client_using_hrr_and_ticket.rb

@@ -3,9 +3,9 @@
 
 require_relative 'helper'
 
-hostname, port = (ARGV[0] || 'localhost:4433').split(':')
+uri = URI.parse(ARGV[0] || 'https://localhost:4433')
 ca_file = __dir__ + '/../tmp/ca.crt'
-req = simple_http_request(hostname)
+req = simple_http_request(uri.host, uri.path)
 
 settings_2nd = {
   ca_file: File.exist?(ca_file) ? ca_file : nil,
@@ -34,10 +34,11 @@ settings_1st = {
   # Subsequent Handshake:
   settings_2nd
 ].each do |settings|
-  socket = TCPSocket.new(hostname, port)
-  client = TTTLS13::Client.new(socket, hostname, **settings)
+  socket = TCPSocket.new(uri.host, uri.port)
+  client = TTTLS13::Client.new(socket, uri.host, **settings)
   client.connect
   client.write(req)
+
   print recv_http_response(client)
   client.close unless client.eof?
   socket.close

data/example/https_client_using_status_request.rb

@@ -3,10 +3,11 @@
 
 require_relative 'helper'
 
-hostname, port = (ARGV[0] || 'localhost:4433').split(':')
+uri = URI.parse(ARGV[0] || 'https://localhost:4433')
 ca_file = __dir__ + '/../tmp/ca.crt'
-req = simple_http_request(hostname)
+req = simple_http_request(uri.host, uri.path)
 
+socket = TCPSocket.new(uri.host, uri.port)
 process_certificate_status = lambda do |res, cert, chain|
   puts 'stapled OCSPResponse: '
   puts res.basic.status.pretty_inspect unless res.nil?
@@ -14,15 +15,13 @@ process_certificate_status = lambda do |res, cert, chain|
 
   TTTLS13::Client.softfail_check_certificate_status(res, cert, chain)
 end
-
-socket = TCPSocket.new(hostname, port)
 settings = {
   ca_file: File.exist?(ca_file) ? ca_file : nil,
   alpn: ['http/1.1'],
   check_certificate_status: true,
   process_certificate_status: process_certificate_status
 }
-client = TTTLS13::Client.new(socket, hostname, **settings)
+client = TTTLS13::Client.new(socket, uri.host, **settings)
 client.connect
 client.write(req)
 

data/example/https_client_using_ticket.rb

@@ -3,9 +3,9 @@
 
 require_relative 'helper'
 
-hostname, port = (ARGV[0] || 'localhost:4433').split(':')
+uri = URI.parse(ARGV[0] || 'https://localhost:4433')
 ca_file = __dir__ + '/../tmp/ca.crt'
-req = simple_http_request(hostname)
+req = simple_http_request(uri.host, uri.path)
 
 settings_2nd = {
   ca_file: File.exist?(ca_file) ? ca_file : nil,
@@ -33,10 +33,11 @@ settings_1st = {
   # Subsequent Handshake:
   settings_2nd
 ].each do |settings|
-  socket = TCPSocket.new(hostname, port)
-  client = TTTLS13::Client.new(socket, hostname, **settings)
+  socket = TCPSocket.new(uri.host, uri.port)
+  client = TTTLS13::Client.new(socket, uri.host, **settings)
   client.connect
   client.write(req)
+
   print recv_http_response(client)
   client.close unless client.eof?
   socket.close

data/lib/tttls1.3/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TTTLS13
-  VERSION = '0.3.0'
+  VERSION = '0.3.1'
 end

data/tttls1.3.gemspec

@@ -13,7 +13,7 @@ Gem::Specification.new do |spec|
   spec.description   = spec.summary
   spec.homepage      = 'https://github.com/thekuwayama/tttls1.3'
   spec.license       = 'MIT'
-  spec.required_ruby_version = '>=2.7'
+  spec.required_ruby_version = '>=3.1'
 
   spec.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tttls1.3
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
 - thekuwayama
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-12-23 00:00:00.000000000 Z
+date: 2023-12-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -228,14 +228,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.7'
+      version: '3.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.4.10
 signing_key:
 specification_version: 4
 summary: TLS 1.3 implementation in Ruby (Tiny Trial TLS1.3 aka tttls1.3)