kazu-yamamoto / quic

IETF QUIC library in Haskell
BSD 3-Clause "New" or "Revised" License

Feature Request: Implement server-side hooks for Server Name Indication (SNI) and Client Certificates #59

Closed bjin closed 8 months ago

bjin commented 9 months ago

The tls package offers a Network.TLS.ServerHooks parameter, allowing customization through functions like onClientCertificate and onServerNameIndication on the server side. Could we consider introducing a similar feature in this package?

It seems that the Network.QUIC.Internal.Hooks parameter is primarily designed for debugging and may not offer significant value in real-world scenarios.
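Added example, not part of the thread and not code from the quic or tls packages: a tls `ServerHooks` value of the kind this request asks to be settable on a QUIC server, selecting credentials by SNI and validating the client certificate chain. `mkServerHooks`, the credential map and the CA store are hypothetical names, and the `Data.Default.Class` import assumes a tls version whose `Default` instances come from data-default-class.

```haskell
module Main where

import Data.Default.Class (def)
import qualified Data.Map.Strict as M
import Data.X509 (HashALG (HashSHA256))
import Data.X509.CertificateStore (CertificateStore, makeCertificateStore)
import Data.X509.Validation
    (checkFQHN, defaultChecks, defaultHooks, exceptionValidationCache, validate)
import Network.TLS
    (CertificateRejectReason (..), CertificateUsage (..), Credentials (..), ServerHooks (..))

-- | Build hooks from a per-hostname credential table and the CA store that
-- client certificates must chain to. Both inputs are supplied by the caller.
mkServerHooks :: M.Map String Credentials -> CertificateStore -> ServerHooks
mkServerHooks credsByHost clientCAs =
    def
        { onServerNameIndication = pickCredentials
        , onClientCertificate = checkClient
        }
  where
    -- Absent or unknown SNI adds no per-host credentials (mempty), so a
    -- name this server does not know never selects another host's key.
    pickCredentials msni =
        return $ maybe mempty (\h -> M.findWithDefault mempty h credsByHost) msni

    -- Only invoked when the server parameters request a client certificate
    -- (serverWantClientCert). A client has no host name to match, so the
    -- FQHN check is disabled; all other default checks still apply.
    checkClient chain = do
        let checks = defaultChecks{checkFQHN = False}
            cache = exceptionValidationCache [] -- no pinned exceptions
        failures <-
            validate HashSHA256 defaultHooks checks clientCAs cache ("", mempty) chain
        return $ case failures of
            [] -> CertificateUsageAccept
            errs -> CertificateUsageReject (CertificateRejectOther (show errs))

-- Constructed demo input: empty credential table and empty CA store.
main :: IO ()
main = do
    let hooks = mkServerHooks M.empty (makeCertificateStore [])
    Credentials cs <- onServerNameIndication hooks (Just "unknown.example")
    putStrLn ("credentials offered for unknown SNI: " ++ show (length cs))
```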

kazu-yamamoto commented 9 months ago

Such feature extensions are welcome. Would you provide a flexible design?

bjin commented 9 months ago

I don't know much about how the quic package works internally with the tls package. But after a quick look at the code, it seems like you might be able to set onClientCertificate and onServerNameIndication here:

https://github.com/kazu-yamamoto/quic/blob/1cef983bbbfb8e411d6c6892073c5f2e4e944935/Network/QUIC/TLS.hs#L103-L112

I'm not sure if this will work smoothly, though.

In terms of design, using the same function types for onClientCertificate and onServerNameIndication seems like a reasonable approach to me.

kazu-yamamoto commented 9 months ago

Your approach should work. If you want to know more, please read https://kazu-yamamoto.hatenablog.jp/entry/2020/09/16/150801

kazu-yamamoto commented 9 months ago

Probably, we should expose TLS's ServerHooks entirely from QUIC's ServerConfig.

bjin commented 9 months ago

This appears to be a promising solution, offering users maximum flexibility.

kazu-yamamoto commented 9 months ago

May I ask you to implement it and send a PR?

bjin commented 9 months ago

Sure, it seems like a task suitable for beginners, mainly involving interface changes. I'd like to get this sorted out to use the SNI functionality, but I'm pretty busy lately. I might find time in a few weeks.

BTW, your warp-quic GitHub repository is outdated. Since changes to warp-quic are needed, could you update it to the version on Hackage? This way, I can submit a pull request once the task is completed.

kazu-yamamoto commented 9 months ago

> your warp-quic GitHub repository is outdated.

I don't understand this. Do you mean that your warp-quic GitHub repository will be outdated?

bjin commented 9 months ago

I mean, the Hackage version of warp-quic is different from your kazu-yamamoto/warp-quic repo, see 1 and 2. Maybe you could push new changes to GitHub so I can make a warp-quic PR directly on GitHub.

kazu-yamamoto commented 9 months ago

My bad! The correct repo is https://github.com/yesodweb/wai. The source of this confusion is a wrong URL in the cabal file. So, I did:

  1. Fix URL in the cabal file and push
  2. Update the metadata on Hackage
  3. Delete the old repo from Hackage