tlsn
tls-client as git submodule
Could we have tls-client as a separate repo which is a git submodule in tlsn? That repo will fork rustls and apply our changes on top of it. This way others can quickly review what modifications we made to rustls.
That was my original plan until I saw just how deep our changes were going to be. Ultimately I decided to rip out quite a lot from rustls (Ring is deeply woven into it), and unbundle some of its components into tls-core and tls-aio. Looking at a diff between rustls and tls-client won't be a clean line-by-line diff, there will be major structural changes. However, I am trying to preserve the test suite as much as possible, and have a light touch on any of the main protocol logic.
Thanks, makes sense. I guess as long as the test suite is close to the original, that should give enough confidence in our impl. Maybe it would be possible to create 2 commits - one for all the code changes and another "cleaner" one for the test suite changes so that at least those changes could be audited.
The test suite can be diffed without encapsulating it as a commit, it's a couple of files.
Rustls also has a BoringSSL (bogo) test shim so we will be able to test our implementation against that as well. I believe it tests things such as downgrade attacks and such. Passing that test suite should be a good attestation to our impl's soundness.
Closing, stale issue and I believe we concluded against.