apple / swift-nio-ssl

TLS Support for SwiftNIO, based on BoringSSL.
https://swiftpackageindex.com/apple/swift-nio-ssl/main/documentation/niossl
Apache License 2.0
385 stars 139 forks

Pass empty psk hint to client callback when none is provided by the server #452

Open martialln opened 7 months ago

martialln commented 7 months ago

Hello,

As I was trying to implement some HTTP calls using async-http-client and TLS-PSK authentication, I realised that my server was not sending any PSK hint.

The actual implementation of the clientPSKCallback makes the server PSK hint mandatory. Similarly, the implementation of the serverPSKCallback makes the server hint mandatory.

Reading RFC 4279, it seems that, on the contrary, the server PSK hint should be provided only in applications that mandate it.

5.2. Identity Hint

In the absence of an application profile specification specifying otherwise, servers SHOULD NOT provide an identity hint and clients MUST ignore the identity hint field. Applications that do use this field MUST specify its contents, how the value is chosen by the TLS server, and what the TLS client is expected to do with the value.

I made this PR to provide an empty string to the callbacks in the case the server doesn't provide one. Providing an optional might be a better solution in terms of semantics, but it would break the API.
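An added example, not part of the pull request or of swift-nio-ssl: at the BoringSSL layer the client PSK callback receives the hint as a C string that is NULL when the server sent none. The sketch below uses that callback's parameter list (with `SSL *` replaced by `void *` so it builds without BoringSSL headers), maps a missing hint to an empty string as the comment above proposes, and then ignores it as RFC 4279 section 5.2 requires. The names `demo_psk_client_cb`, `normalize_hint`, `DEMO_IDENTITY` and `DEMO_KEY` are hypothetical and the credentials are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample credentials, for illustration only. */
static const char DEMO_IDENTITY[] = "client-01";
static const uint8_t DEMO_KEY[16] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};

/* The hint is NULL when the server sent none. Mapping that to ""
 * means later code never dereferences NULL and never has to treat
 * "no hint" as an error. */
static const char *normalize_hint(const char *hint) {
    return hint != NULL ? hint : "";
}

/* Hypothetical callback. Returns the PSK length on success, or 0 to
 * signal that no identity is available (the handshake then fails). */
unsigned demo_psk_client_cb(void *ssl, const char *hint,
                            char *identity, unsigned max_identity_len,
                            uint8_t *psk, unsigned max_psk_len) {
    (void)ssl;

    /* No application profile defines the hint in this example, so it
     * is normalized and then deliberately not used to pick a key. */
    hint = normalize_hint(hint);
    (void)hint;

    /* Treat max_identity_len as the whole buffer, NUL included. That
     * is the stricter reading, so the copy below can never overflow. */
    size_t id_len = strlen(DEMO_IDENTITY);
    if (id_len >= max_identity_len || sizeof(DEMO_KEY) > max_psk_len) {
        return 0;
    }

    memcpy(identity, DEMO_IDENTITY, id_len + 1); /* copies the NUL too */
    memcpy(psk, DEMO_KEY, sizeof(DEMO_KEY));
    return (unsigned)sizeof(DEMO_KEY);
}
```

The same identity and key come back whether or not a hint is present, which is the behaviour a client gets when the absence of a hint is no longer treated as a failure.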

martialln commented 7 months ago

@Lukasa thanks for your feedback.

I agree with you that deprecating the current API and proposing a new one is better in the long term, but I was not comfortable proposing it directly :)

I will rework the PR in that direction.