quinn-rs / quinn

Async-friendly QUIC implementation in Rust
Apache License 2.0

How to abort the handshake? #1259

Closed go-jar closed 2 years ago

go-jar commented 2 years ago

Can I abort the handshake? I tried as follows, but it did not work. I configured the server as follows.

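// Imports used by the server and client snippets in this post.
use std::{error::Error, sync::Arc};

fn configure_server() -> Result<quinn::ServerConfig, Box<dyn Error>> {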
    let config = rustls::ServerConfig::builder()
        .with_safe_default_cipher_suites()
        .with_safe_default_kx_groups()
        .with_protocol_versions(&[&rustls::version::TLS13])
        .unwrap()
        .with_no_client_auth()
        .with_cert_resolver(Arc::new(SkipResolvesChain{}));
    let server_config = quinn::ServerConfig::with_crypto(Arc::new(config));

    Ok(server_config)
}

struct SkipResolvesChain;

impl rustls::server::ResolvesServerCert for SkipResolvesChain {
    // Return `None` to abort the handshake.
    fn resolve(&self, _client_hello: rustls::server::ClientHello) -> Option<Arc<rustls::sign::CertifiedKey>> {
        None
    }
}

But I don't know how to make the client abort the handshake. I tried to configure the client as follows.

fn configure_client() -> quinn::ClientConfig {
    let crypto = rustls::ClientConfig::builder()
        .with_safe_default_cipher_suites()
        .with_safe_default_kx_groups()
        .with_protocol_versions(&[&rustls::version::TLS13])
        .unwrap()
        .with_custom_certificate_verifier(SkipServerVerification::new())
        .with_no_client_auth();
    quinn::ClientConfig::new(Arc::new(crypto))
}

struct SkipServerVerification;

impl SkipServerVerification {
    fn new() -> Arc<Self> {
        Arc::new(Self)
    }
}

// Accepts every server certificate without validating it.
impl rustls::client::ServerCertVerifier for SkipServerVerification {
    fn verify_server_cert(
        &self,
        _end_entity: &rustls::Certificate,
        _intermediates: &[rustls::Certificate],
        _server_name: &rustls::ServerName,
        _scts: &mut dyn Iterator<Item = &[u8]>,
        _ocsp_response: &[u8],
        _now: std::time::SystemTime,
    ) -> Result<rustls::client::ServerCertVerified, rustls::Error> {
        Ok(rustls::client::ServerCertVerified::assertion())
    }

    fn request_scts(&self) -> bool {
        false
    }
}

But an error occurred:

the cryptographic handshake failed: error 49: unexpected error: no server certificate chain resolved'

djc commented 2 years ago

What do you mean by aborting the handshake exactly? What is the behavior you expect at both the client and the server in that scenario?

go-jar commented 2 years ago

> What do you mean by aborting the handshake exactly? What is the behavior you expect at both the client and the server in that scenario?

I want to make the transmitted message unencrypted.

djc commented 2 years ago

QUIC does not support unencrypted data transmission.

go-jar commented 2 years ago

> QUIC does not support unencrypted data transmission.

Thanks!