-
Notifications
You must be signed in to change notification settings - Fork 990
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider verifying expected PeerId
as part of auth upgrades
#2946
Comments
If I am not mistaken, this would play nicely with your idea of splitting up the |
It should yes. It would allow us to encode a specific error set where |
Is there anything blocking this currently? I would like to help with this. |
Thank you! Nothing is per se blocking this but implementing it requires some bigger changes to our abstractions. At the moment upgrading a connection or stream is generic via the One idea on how to solve this is that we introduce dedicated upgrade traits for:
Then, the first one can define concrete failure modes such as a peerid mismatch and we can abort the upgrade early. If you want to have a stab at this, I'd suggest to open a draft PR as soon as possible. Likely, we will then have to split that one up into multiple PRs once we settle on a design but first we need some explorative design work. What complicates the issue further is that the A final, albeit only marginally, related issue is that I'd actually like to split out this "upgrade" machinery into a dedicated crate, see #3271. |
So I think this is actually much easier than I initially thought.
The Lastly, we populate this Whilst sounding a bit complicated now, there aren't actually that many moving piece and the change is quite localized. @tthebst Let me know if you are still up for it with this revised idea :) |
@thomaseizinger I started addressing this issue in #4864 following your suggestions above, let me know any feedback. |
That works, but it’s not a very nice behavior. Certificates should be verified during the handshake, as this allows you to abort the connection attempt during TLS handshake.
Verifying the peer ID after the handshake leads to the successful establishment of a connection on the server side, just to have that connection killed 1 RTT later. Even worse, while aborting during the handshake lets the peer know why the handshake failed (as this is communicated by a TLS alert), aborting after handshake completion leaves the peer guessing what went wrong.
Originally posted by @marten-seemann in #2945 (comment)
The text was updated successfully, but these errors were encountered: