jackal
Support tls-exporter channel binding type
Checklist
- [x] `make test` passes
- [x] tests and/or benchmarks are included
- [x] documentation is changed or added
Affected core subsystem(s)
- `pkg/c2s`
- `pkg/auth`
- `pkg/transport`
Description of change
This adds support for the `tls-exporter` channel binding type defined in the upcoming RFC 9266 (the RFC is not yet published, but at this stage only last minute editorial changes can be made and it is scheduled for publication). This enables channel binding support for TLS >= 1.3.
EDIT: The RFC has been published.
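What the `tls-exporter` binding described above looks like at the TLS API level, as an added example that is not part of this PR or of jackal's code: both ends of a TLS 1.3 connection export the same 32 bytes under the RFC 9266 label `EXPORTER-Channel-Binding`, and every new connection yields a different value. The function names, the in-memory pipe and the self-signed certificate are assumptions constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway server certificate (constructed for this demo only).
func selfSigned() tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// exporterCB derives the tls-exporter binding: RFC 9266 label, zero-length context, 32 bytes.
func exporterCB(cs tls.ConnectionState) ([]byte, error) {
	return cs.ExportKeyingMaterial("EXPORTER-Channel-Binding", []byte{}, 32)
}

// bindings runs one in-memory handshake and returns the value each side computes.
func bindings(cert tls.Certificate) (client, server []byte, err error) {
	cp, sp := net.Pipe()
	defer func() { cp.Close(); sp.Close() }()
	// Demo-only settings: tickets off (unbuffered pipe), verification off (self-signed cert).
	srv := tls.Server(sp, &tls.Config{Certificates: []tls.Certificate{cert}, SessionTicketsDisabled: true})
	cli := tls.Client(cp, &tls.Config{InsecureSkipVerify: true, MinVersion: tls.VersionTLS13})
	done := make(chan error, 1)
	go func() { done <- srv.Handshake() }()
	if err = cli.Handshake(); err == nil {
		err = <-done
	}
	if err != nil {
		return nil, nil, err
	}
	if client, err = exporterCB(cli.ConnectionState()); err == nil {
		server, err = exporterCB(srv.ConnectionState())
	}
	return client, server, err
}

func main() { fmt.Println(bindings(selfSigned())) }
```

Because the value is derived from the session's own secrets, an authentication exchange bound to it cannot be relayed over a second TLS connection terminated by someone else.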
I guess the answer is no, but are we aware of any client to test this new CB support?
If not, I'm ok to merge it anyway, but just wanted to double check.
> I guess the answer is no, but are we aware of any client to test this new CB support?

I've got my own library that we could manually test against; at some point I'd like to set up some integration tests against Jackal too so that this could be automated. I am not aware of any established clients that support this yet though.
Ahh, I removed the "SupportsChannelBinding" stuff but I remember why it can't be removed now: it's part of an interface so we need that method otherwise it's not a Transport type. I've added it back.
As a way to make testing this easier I've added a package to Alpine Linux for jackal (which is what I use in my integration tests). It's pretty straightforward, but if you have any comments or suggestions the original PR can be found here: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/37033