tttls1.3 0.3.0 → 0.3.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fd89bebc90f5379d37e4fd3d1397168b6df9fcbfe5d1ad05f3ae852ba7d071d1
4
- data.tar.gz: 45372c096b46a5c37c9e05d22dfad8d53e24278d5d195b1b7305aa86b49bdfe9
3
+ metadata.gz: fbb7e4290064777d30371999409395c0f2db398d1ee7a67eaaf5fa500de27954
4
+ data.tar.gz: 3a00195088a78054fd4abdbf77e11fff3898f23b539d90e3ce141a0ef045f227
5
5
  SHA512:
6
- metadata.gz: 6b79f03e7eff3d7f2e47e0ca715ee9559c8c2a04f3f6c4869b4c8b915905f8934bb6cf4dd776ae74bdc3e7d9c97dd3a8ee77e46298073bdffd70fc936a954421
7
- data.tar.gz: c43d3629de31d6ebd8f86d0c7a700d85a9f6e53be351eb13062c7ad0af9d1b8acc1c685f95a48e7d320b22ad1cd83979c4de3b57f07245060d6cc0dacdcca482
6
+ metadata.gz: 3186fcebd41a40b21c5a4d1de53d13af3ea57dd4d0f3e6baff476882223cc370cb610d9c13cc4df43c3b5b13dd10063b702f39636dd447e9386062de7c566bbc
7
+ data.tar.gz: 4c8f6a076e042b1c9059dea5b9598d5bd5d80640b2b72cc859a76d2e020edc047b8309c7821ca849b445c51c41fbcac600363c34881074b28996774d05cc8ffb
@@ -13,14 +13,14 @@ jobs:
13
13
  runs-on: ubuntu-latest
14
14
  strategy:
15
15
  matrix:
16
- ruby-version: ['2.7.x', '3.0.x', '3.1.x']
16
+ ruby-version: ['3.1', '3.2', '3.3']
17
17
  steps:
18
18
  - uses: actions/checkout@v3
19
19
  - uses: docker://thekuwayama/openssl:latest
20
20
  - name: Set up Ruby
21
21
  uses: ruby/setup-ruby@v1
22
22
  with:
23
- ruby-version: ${{ matrix.ruby }}
23
+ ruby-version: ${{ matrix.ruby-version }}
24
24
  - name: Install dependencies
25
25
  run: |
26
26
  gem --version
data/.rubocop.yml CHANGED
@@ -1,6 +1,9 @@
1
1
  AllCops:
2
2
  TargetRubyVersion: 2.7
3
3
 
4
+ Gemspec/RequiredRubyVersion:
5
+ Enabled: false
6
+
4
7
  Style/ConditionalAssignment:
5
8
  Enabled: false
6
9
 
data/.ruby-version CHANGED
@@ -1 +1 @@
1
- 3.1.2
1
+ 3.2.2
data/README.md CHANGED
@@ -104,8 +104,8 @@ tttls1.3 client is configurable using keyword arguments.
104
104
  | `:check_certificate_status` | Boolean | false | If needed to check certificate status, set true. |
105
105
  | `:process_certificate_status` | Proc | `TTTLS13::Client.method(:softfail_check_certificate_status)` | Proc(or Method) that checks received OCSPResponse. Its 3 arguments are OpenSSL::OCSP::Response, end-entity certificate(OpenSSL::X509::Certificate) and certificates chain(Array of Certificate) used for verification and it returns Boolean. |
106
106
  | `:compress_certificate_algorithms` | Array of TTTLS13::Message::Extension::CertificateCompressionAlgorithm constant | `ZLIB` | The compression algorithms are supported for compressing the Certificate message. |
107
- | `:ech_config` | ECHConfig | nil | ECHConfig to use ECH. If needed to use ECH, set TTTLS13::STANDARD\_CLIENT\_ECH_HPKE\_SYMMETRIC\_CIPHER\_SUITES, for example. See [ech_config](https://github.com/thekuwayama/ech_config). |
108
- | `:ech_hpke_cipher_suites` | Array of ECHConfig::ECHConfigContents::HpkeKeyConfig::HpkeSymmetricCipherSuite | nil | If needed to use ECH, set client preference HPKE cipher suites. |
107
+ | `:ech_config` | ECHConfig | nil | ECHConfig to use ECH. See [ech_config](https://github.com/thekuwayama/ech_config). |
108
+ | `:ech_hpke_cipher_suites` | Array of ECHConfig::ECHConfigContents::HpkeKeyConfig::HpkeSymmetricCipherSuite | nil | If needed to use ECH, set client preference HPKE cipher suites. For example, you can set TTTLS13::STANDARD\_CLIENT\_ECH_HPKE\_SYMMETRIC\_CIPHER\_SUITES. |
109
109
  | `:compatibility_mode` | Boolean | true | If needed to send ChangeCipherSpec, set true. |
110
110
  | `:sslkeylogfile` | String | nil | If needed to log SSLKEYLOGFILE, set the file path. |
111
111
  | `:loglevel` | Logger constant | Logger::WARN | If needed to print verbose, set Logger::DEBUG. |
data/example/README.md CHANGED
@@ -13,7 +13,7 @@ The examples run as follows:
13
13
  ```bash
14
14
  $ ruby https_client.rb
15
15
 
16
- $ ruby https_client.rb localhost:4433
16
+ $ ruby https_client.rb https://localhost:4433
17
17
  ```
18
18
 
19
19
  Note that `https_server.rb` requires PEM files of certificate and private key.
data/example/helper.rb CHANGED
@@ -4,6 +4,7 @@ $LOAD_PATH << __dir__ + '/../lib'
4
4
 
5
5
  require 'socket'
6
6
  require 'time'
7
+ require 'uri'
7
8
  require 'webrick'
8
9
 
9
10
  require 'http/parser'
@@ -3,17 +3,17 @@
3
3
 
4
4
  require_relative 'helper'
5
5
 
6
- hostname, port = (ARGV[0] || 'localhost:4433').split(':')
6
+ uri = URI.parse(ARGV[0] || 'https://localhost:4433')
7
7
  ca_file = __dir__ + '/../tmp/ca.crt'
8
- req = simple_http_request(hostname)
8
+ req = simple_http_request(uri.host, uri.path)
9
9
 
10
- socket = TCPSocket.new(hostname, port)
10
+ socket = TCPSocket.new(uri.host, uri.port)
11
11
  settings = {
12
12
  ca_file: File.exist?(ca_file) ? ca_file : nil,
13
13
  alpn: ['http/1.1'],
14
14
  sslkeylogfile: '/tmp/sslkeylogfile.log'
15
15
  }
16
- client = TTTLS13::Client.new(socket, hostname, **settings)
16
+ client = TTTLS13::Client.new(socket, uri.host, **settings)
17
17
  client.connect
18
18
  client.write(req)
19
19
 
@@ -3,9 +3,9 @@
3
3
 
4
4
  require_relative 'helper'
5
5
 
6
- hostname, port = (ARGV[0] || 'localhost:4433').split(':')
6
+ uri = URI.parse(ARGV[0] || 'https://localhost:4433')
7
7
  ca_file = __dir__ + '/../tmp/ca.crt'
8
- req = simple_http_request(hostname)
8
+ req = simple_http_request(uri.host, uri.path)
9
9
 
10
10
  settings_2nd = {
11
11
  ca_file: File.exist?(ca_file) ? ca_file : nil,
@@ -35,14 +35,15 @@ succeed_early_data = false
35
35
  # Subsequent Handshake:
36
36
  settings_2nd
37
37
  ].each_with_index do |settings, i|
38
- socket = TCPSocket.new(hostname, port)
39
- client = TTTLS13::Client.new(socket, hostname, **settings)
38
+ socket = TCPSocket.new(uri.host, uri.port)
39
+ client = TTTLS13::Client.new(socket, uri.host, **settings)
40
40
 
41
41
  # send message using early data; 0-RTT
42
42
  client.early_data(req) if i == 1 && settings.include?(:ticket)
43
43
  client.connect
44
44
  # send message after Simple 1-RTT Handshake
45
45
  client.write(req) if i.zero? || !client.succeed_early_data?
46
+
46
47
  print recv_http_response(client)
47
48
  client.close unless client.eof?
48
49
  socket.close
@@ -5,16 +5,15 @@ require_relative 'helper'
5
5
  HpkeSymmetricCipherSuite = \
6
6
  ECHConfig::ECHConfigContents::HpkeKeyConfig::HpkeSymmetricCipherSuite
7
7
 
8
- hostname = 'crypto.cloudflare.com'
9
- port = 443
8
+ uri = URI.parse(ARGV[0] || 'https://localhost:4433')
10
9
  ca_file = __dir__ + '/../tmp/ca.crt'
11
- req = simple_http_request(hostname, '/cdn-cgi/trace')
10
+ req = simple_http_request(uri.host, uri.path)
12
11
 
13
12
  rr = Resolv::DNS.new.getresources(
14
- hostname,
13
+ uri.host,
15
14
  Resolv::DNS::Resource::IN::HTTPS
16
15
  )
17
- socket = TCPSocket.new(hostname, port)
16
+ socket = TCPSocket.new(uri.host, uri.port)
18
17
  settings = {
19
18
  ca_file: File.exist?(ca_file) ? ca_file : nil,
20
19
  alpn: ['http/1.1'],
@@ -23,7 +22,7 @@ settings = {
23
22
  TTTLS13::STANDARD_CLIENT_ECH_HPKE_SYMMETRIC_CIPHER_SUITES,
24
23
  sslkeylogfile: '/tmp/sslkeylogfile.log'
25
24
  }
26
- client = TTTLS13::Client.new(socket, hostname, **settings)
25
+ client = TTTLS13::Client.new(socket, uri.host, **settings)
27
26
  client.connect
28
27
  client.write(req)
29
28
 
@@ -5,11 +5,10 @@ require_relative 'helper'
5
5
  HpkeSymmetricCipherSuite = \
6
6
  ECHConfig::ECHConfigContents::HpkeKeyConfig::HpkeSymmetricCipherSuite
7
7
 
8
- hostname = 'crypto.cloudflare.com'
9
- port = 443
8
+ uri = URI.parse(ARGV[0] || 'https://localhost:4433')
10
9
  ca_file = __dir__ + '/../tmp/ca.crt'
11
10
 
12
- socket = TCPSocket.new(hostname, port)
11
+ socket = TCPSocket.new(uri.host, uri.port)
13
12
  settings = {
14
13
  ca_file: File.exist?(ca_file) ? ca_file : nil,
15
14
  alpn: ['http/1.1'],
@@ -17,10 +16,9 @@ settings = {
17
16
  TTTLS13::STANDARD_CLIENT_ECH_HPKE_SYMMETRIC_CIPHER_SUITES,
18
17
  sslkeylogfile: '/tmp/sslkeylogfile.log'
19
18
  }
20
- client = TTTLS13::Client.new(socket, hostname, **settings)
19
+ client = TTTLS13::Client.new(socket, uri.host, **settings)
21
20
  client.connect
22
21
 
23
22
  print client.retry_configs if client.rejected_ech?
24
-
25
23
  client.close unless client.eof?
26
24
  socket.close
@@ -5,13 +5,12 @@ require_relative 'helper'
5
5
  HpkeSymmetricCipherSuite = \
6
6
  ECHConfig::ECHConfigContents::HpkeKeyConfig::HpkeSymmetricCipherSuite
7
7
 
8
- hostname = 'crypto.cloudflare.com'
9
- port = 443
8
+ uri = URI.parse(ARGV[0] || 'https://localhost:4433')
10
9
  ca_file = __dir__ + '/../tmp/ca.crt'
11
- req = simple_http_request(hostname, '/cdn-cgi/trace')
10
+ req = simple_http_request(uri.host, uri.path)
12
11
 
13
12
  rr = Resolv::DNS.new.getresources(
14
- hostname,
13
+ uri.host,
15
14
  Resolv::DNS::Resource::IN::HTTPS
16
15
  )
17
16
  settings_2nd = {
@@ -37,16 +36,8 @@ settings_1st = {
37
36
  alpn: ['http/1.1'],
38
37
  process_new_session_ticket: process_new_session_ticket,
39
38
  ech_config: rr.first.svc_params['ech'].echconfiglist.first,
40
- ech_hpke_cipher_suites: [
41
- HpkeSymmetricCipherSuite.new(
42
- HpkeSymmetricCipherSuite::HpkeKdfId.new(
43
- TTTLS13::Hpke::KdfId::HKDF_SHA256
44
- ),
45
- HpkeSymmetricCipherSuite::HpkeAeadId.new(
46
- TTTLS13::Hpke::AeadId::AES_128_GCM
47
- )
48
- )
49
- ],
39
+ ech_hpke_cipher_suites:
40
+ TTTLS13::STANDARD_CLIENT_ECH_HPKE_SYMMETRIC_CIPHER_SUITES,
50
41
  sslkeylogfile: '/tmp/sslkeylogfile.log'
51
42
  }
52
43
 
@@ -56,10 +47,11 @@ settings_1st = {
56
47
  # Subsequent Handshake:
57
48
  settings_2nd
58
49
  ].each do |settings|
59
- socket = TCPSocket.new(hostname, port)
60
- client = TTTLS13::Client.new(socket, hostname, **settings)
50
+ socket = TCPSocket.new(uri.host, uri.port)
51
+ client = TTTLS13::Client.new(socket, uri.host, **settings)
61
52
  client.connect
62
53
  client.write(req)
54
+
63
55
  print recv_http_response(client)
64
56
  client.close unless client.eof?
65
57
  socket.close
@@ -3,19 +3,20 @@
3
3
 
4
4
  require_relative 'helper'
5
5
 
6
- hostname, port = (ARGV[0] || 'localhost:4433').split(':')
6
+ uri = URI.parse(ARGV[0] || 'https://localhost:4433')
7
7
  ca_file = __dir__ + '/../tmp/ca.crt'
8
- req = simple_http_request(hostname)
8
+ req = simple_http_request(uri.host, uri.path)
9
9
 
10
- socket = TCPSocket.new(hostname, port)
10
+ socket = TCPSocket.new(uri.host, uri.port)
11
11
  settings = {
12
12
  ca_file: File.exist?(ca_file) ? ca_file : nil,
13
13
  key_share_groups: [], # empty KeyShareClientHello.client_shares
14
14
  alpn: ['http/1.1']
15
15
  }
16
- client = TTTLS13::Client.new(socket, hostname, **settings)
16
+ client = TTTLS13::Client.new(socket, uri.host, **settings)
17
17
  client.connect
18
18
  client.write(req)
19
+
19
20
  print recv_http_response(client)
20
21
  client.close unless client.eof?
21
22
  socket.close
@@ -5,16 +5,15 @@ require_relative 'helper'
5
5
  HpkeSymmetricCipherSuite = \
6
6
  ECHConfig::ECHConfigContents::HpkeKeyConfig::HpkeSymmetricCipherSuite
7
7
 
8
- hostname = 'crypto.cloudflare.com'
9
- port = 443
8
+ uri = URI.parse(ARGV[0] || 'https://localhost:4433')
10
9
  ca_file = __dir__ + '/../tmp/ca.crt'
11
- req = simple_http_request(hostname, '/cdn-cgi/trace')
10
+ req = simple_http_request(uri.host, uri.path)
12
11
 
13
12
  rr = Resolv::DNS.new.getresources(
14
- hostname,
13
+ uri.host,
15
14
  Resolv::DNS::Resource::IN::HTTPS
16
15
  )
17
- socket = TCPSocket.new(hostname, port)
16
+ socket = TCPSocket.new(uri.host, uri.port)
18
17
  settings = {
19
18
  ca_file: File.exist?(ca_file) ? ca_file : nil,
20
19
  key_share_groups: [], # empty KeyShareClientHello.client_shares
@@ -24,9 +23,10 @@ settings = {
24
23
  TTTLS13::STANDARD_CLIENT_ECH_HPKE_SYMMETRIC_CIPHER_SUITES,
25
24
  sslkeylogfile: '/tmp/sslkeylogfile.log'
26
25
  }
27
- client = TTTLS13::Client.new(socket, hostname, **settings)
26
+ client = TTTLS13::Client.new(socket, uri.host, **settings)
28
27
  client.connect
29
28
  client.write(req)
29
+
30
30
  print recv_http_response(client)
31
31
  client.close unless client.eof?
32
32
  socket.close
@@ -3,9 +3,9 @@
3
3
 
4
4
  require_relative 'helper'
5
5
 
6
- hostname, port = (ARGV[0] || 'localhost:4433').split(':')
6
+ uri = URI.parse(ARGV[0] || 'https://localhost:4433')
7
7
  ca_file = __dir__ + '/../tmp/ca.crt'
8
- req = simple_http_request(hostname)
8
+ req = simple_http_request(uri.host, uri.path)
9
9
 
10
10
  settings_2nd = {
11
11
  ca_file: File.exist?(ca_file) ? ca_file : nil,
@@ -34,10 +34,11 @@ settings_1st = {
34
34
  # Subsequent Handshake:
35
35
  settings_2nd
36
36
  ].each do |settings|
37
- socket = TCPSocket.new(hostname, port)
38
- client = TTTLS13::Client.new(socket, hostname, **settings)
37
+ socket = TCPSocket.new(uri.host, uri.port)
38
+ client = TTTLS13::Client.new(socket, uri.host, **settings)
39
39
  client.connect
40
40
  client.write(req)
41
+
41
42
  print recv_http_response(client)
42
43
  client.close unless client.eof?
43
44
  socket.close
@@ -3,10 +3,11 @@
3
3
 
4
4
  require_relative 'helper'
5
5
 
6
- hostname, port = (ARGV[0] || 'localhost:4433').split(':')
6
+ uri = URI.parse(ARGV[0] || 'https://localhost:4433')
7
7
  ca_file = __dir__ + '/../tmp/ca.crt'
8
- req = simple_http_request(hostname)
8
+ req = simple_http_request(uri.host, uri.path)
9
9
 
10
+ socket = TCPSocket.new(uri.host, uri.port)
10
11
  process_certificate_status = lambda do |res, cert, chain|
11
12
  puts 'stapled OCSPResponse: '
12
13
  puts res.basic.status.pretty_inspect unless res.nil?
@@ -14,15 +15,13 @@ process_certificate_status = lambda do |res, cert, chain|
14
15
 
15
16
  TTTLS13::Client.softfail_check_certificate_status(res, cert, chain)
16
17
  end
17
-
18
- socket = TCPSocket.new(hostname, port)
19
18
  settings = {
20
19
  ca_file: File.exist?(ca_file) ? ca_file : nil,
21
20
  alpn: ['http/1.1'],
22
21
  check_certificate_status: true,
23
22
  process_certificate_status: process_certificate_status
24
23
  }
25
- client = TTTLS13::Client.new(socket, hostname, **settings)
24
+ client = TTTLS13::Client.new(socket, uri.host, **settings)
26
25
  client.connect
27
26
  client.write(req)
28
27
 
@@ -3,9 +3,9 @@
3
3
 
4
4
  require_relative 'helper'
5
5
 
6
- hostname, port = (ARGV[0] || 'localhost:4433').split(':')
6
+ uri = URI.parse(ARGV[0] || 'https://localhost:4433')
7
7
  ca_file = __dir__ + '/../tmp/ca.crt'
8
- req = simple_http_request(hostname)
8
+ req = simple_http_request(uri.host, uri.path)
9
9
 
10
10
  settings_2nd = {
11
11
  ca_file: File.exist?(ca_file) ? ca_file : nil,
@@ -33,10 +33,11 @@ settings_1st = {
33
33
  # Subsequent Handshake:
34
34
  settings_2nd
35
35
  ].each do |settings|
36
- socket = TCPSocket.new(hostname, port)
37
- client = TTTLS13::Client.new(socket, hostname, **settings)
36
+ socket = TCPSocket.new(uri.host, uri.port)
37
+ client = TTTLS13::Client.new(socket, uri.host, **settings)
38
38
  client.connect
39
39
  client.write(req)
40
+
40
41
  print recv_http_response(client)
41
42
  client.close unless client.eof?
42
43
  socket.close
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module TTTLS13
4
- VERSION = '0.3.0'
4
+ VERSION = '0.3.1'
5
5
  end
data/tttls1.3.gemspec CHANGED
@@ -13,7 +13,7 @@ Gem::Specification.new do |spec|
13
13
  spec.description = spec.summary
14
14
  spec.homepage = 'https://github.com/thekuwayama/tttls1.3'
15
15
  spec.license = 'MIT'
16
- spec.required_ruby_version = '>=2.7'
16
+ spec.required_ruby_version = '>=3.1'
17
17
 
18
18
  spec.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
19
19
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: tttls1.3
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.0
4
+ version: 0.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - thekuwayama
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-12-23 00:00:00.000000000 Z
11
+ date: 2023-12-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -228,14 +228,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
228
228
  requirements:
229
229
  - - ">="
230
230
  - !ruby/object:Gem::Version
231
- version: '2.7'
231
+ version: '3.1'
232
232
  required_rubygems_version: !ruby/object:Gem::Requirement
233
233
  requirements:
234
234
  - - ">="
235
235
  - !ruby/object:Gem::Version
236
236
  version: '0'
237
237
  requirements: []
238
- rubygems_version: 3.3.7
238
+ rubygems_version: 3.4.10
239
239
  signing_key:
240
240
  specification_version: 4
241
241
  summary: TLS 1.3 implementation in Ruby (Tiny Trial TLS1.3 aka tttls1.3)