Add compliance comments for secure renegotiation initial handshakes #3485
Description of changes:
I didn't make any functional changes. I just added compliance comments for sections 3.4 and 3.6 of the secure renegotiation RFC, which describe how a TLS implementation should handle non-renegotiation handshakes. Since we don't support actually doing renegotiation, we only deal with non-renegotiation handshakes.
The duvet GitHub action we borrow from s2n-quic isn't working (it assumes PRs are from branches, not from forks), so I manually uploaded the report:
Callouts
All the "compliance/specs/tools.ietf.org/rfc/*" files are automatically generated by running duvet extract. If they're too distracting, I can move them to a separate PR. "compliance/specs/exceptions/rfc5746/4.6.toml" wasn't generated though, and is instead our project's first duvet exceptions.
Testing:
New tests for requirements not previously explicitly covered.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.