Explicit TLS configuration setup #1194

Merged
merged 3 commits into from
Sep 29, 2021

djc (Member) commented Sep 27, 2021

Extracts the parts of #1150 that don't rely on rustls 0.20 (now released) and the rustls-native-certs update (not yet done). Arguably should have done this sooner to avoid the rebase, but let's get it done now?

Ralith (Collaborator) left a comment

Looks good overall; this definitely bites people on a regular basis.

Seems like there's two identically named commits for some reason?

Matthias247 (Contributor) left a comment

I've only skimmed it.

So one of the gotchas with the previous configs was that some ::default() methods made rustls load TLS root certs from the system, which turned out to be very expensive (100ms+). Sometimes those even had not been used and were overwritten by custom config later on. Is this now better/worse/the-same with these changes?

Ralith (Collaborator) commented Sep 27, 2021

> Is this now better/worse/the-same with these changes?

I think this is now the same or better. No ClientConfig is constructed by default, so servers will never try to load roots, and clients now have more explicit control in the form of calling with_native_roots or with_root_certificates.

djc (Member, Author) commented Sep 28, 2021

> Seems like there's two identically named commits for some reason?

They're not identically named, one is for ClientConfig and one is for ServerConfig.

djc force-pushed the explicit-tls-configs branch 6 times, most recently from c7087d5 to f031328 (September 28, 2021 12:04)

Ralith (Collaborator) left a comment

It's pretty great how much code this saves, while simultaneously simplifying the API.

> They're not identically named

Oops, reading is hard.

djc force-pushed the explicit-tls-configs branch from f031328 to 9cba8b7 (September 29, 2021 09:07)

djc force-pushed the explicit-tls-configs branch from 9cba8b7 to 365a426 (September 29, 2021 09:11)

Ralith (Collaborator) left a comment

Great stuff!
