Upgrade to `rustls@0.23` and `quinn@0.11` #200

finnbear · 2024-08-17T03:56:06Z

Fixes #121
Fixes #175
Supersedes #194

I'm still new to wtransport, quinn, and rustls; this PR should be scrutinized for errors.

Testing

CI
ran client & server examples
testing in my application (localhost)
testing in my application (prod)

production deployments

turnfight.com (Aug 18)
mazean.com

Changelog entries

- deps: update to quinn 0.11 and disable some default features by @finnbear in #200
- deps: update to rustls 0.23 and disable some default features by @finnbear in #200
- deps: update to rustls-pki-types 1.8 by @finnbear in #200
- Make `SendStream::{reset, stopped}` take a reference instead of ownership by @finnbear in #200
- docs: calling `priority` or `reset` after `reset` results in panic by @finnbear in #200
- Remove `Endpoint::reject_new_connections` by @finnbear in #200
- Add `Endpoint::open_connections` by @finnbear in #200
- Add multiple methods for `IncomingSession` for server, usable prior to awaiting it, to replace `quinn`'s `max_concurrent_connections`, `use_retry`, and `reject_new_connections` by @finnbear
- Add `ConnectionError::CidsExhausted` by @finnbear in #200
- Rename `ConnectingError::TooManyConnections` to `ConnectingError::CidsExhausted` by @finnbear in #200
- Rename `ConnectingError::InvalidDnsName` to `ConnectingError::InvalidServerName` by @finnbear in #200
- Add the number of bytes read to `StreamReadExactError::FinishedEarly` by @finnbear in #200
- docs: `with_custom_tls{_and_transport}` require TLS 1.3 support by @finnbear in #200

wtransport/Cargo.toml

wtransport/src/tls.rs

wtransport/src/driver/streams/mod.rs

wtransport/src/stream.rs

wtransport/src/endpoint.rs

BiagioFesta · 2024-08-18T13:59:12Z

That's an amazing contribution! Thank you.
I am going to review this ASAP

wtransport/Cargo.toml

wtransport/src/driver/streams/mod.rs

wtransport/src/endpoint.rs

wtransport/src/tls.rs

BiagioFesta · 2024-08-19T19:11:26Z

In my first production deployment, I spotted a critical issue where the client faithfully echoes the retry token and connection id generated by quinn-proto but quinn-proto fails to decrypt them:
#1
empty token
address_validated=false
retrying with loc=3a87c8db93b2b725 orig=977888e66e7d3d2a tok=[56, 198, 134, 198, 173, 200, 227, 111, 84, 238, 219, 123, 149, 134, 76, 250, 157, 123, 92, 199, 225, 90, 114, 230, 71, 71, 61, 44, 113, 133, 110, 166, 94, 236, 3, 200, 219, 62, 127, 253, 81, 213, 50, 77, 223, 131, 216, 249, 130, 76, 209, 97]

#2
aead_key.open(...) loc=3a87c8db93b2b725 tok=[56, 198, 134, 198, 173, 200, 227, 111, 84, 238, 219, 123, 149, 134, 76, 250, 157, 123, 92, 199, 225, 90, 114, 230, 71, 71, 61, 44, 113, 133, 110, 166, 94, 236, 3, 200, 219, 62, 127, 253, 81, 213, 50, 77, 223, 131, 216, 249, 130, 76, 209, 97]
unknown token
address_validated=false
I'm going to investigate further, but I advise against deploying from this branch if you use .retry().

Lemme know the easiest way to reproduce; if I find some spare time, maybe I can help investigate on this

BiagioFesta · 2024-08-19T21:34:12Z

I am wondering if we can add token_key into a dedicated PR. I don't think it is need for this specific PR

BiagioFesta

Before merge, we need to cleanup the commits history :)

finnbear · 2024-08-19T23:24:16Z

I am wondering if we can add token_key into a dedicated PR. I don't think it is need for this specific PR

Sure, if/when you merge this, I'll make a new PR for that!

wtransport/src/config.rs

BiagioFesta

That's an amazing work. Thank you

finnbear · 2024-08-20T21:42:35Z

Awesome! I'll submit a token_key PR shortly. Consider waiting before publishing a version if you think you might merge that too.

Edit: #201

finnbear marked this pull request as ready for review August 17, 2024 04:56

finnbear marked this pull request as draft August 17, 2024 05:37

finnbear marked this pull request as ready for review August 17, 2024 05:50