Comments (1)
Client address validation is covered by section 8. In a nutshell: to validate client IP address server must either:
- complete TLS handhake with client
- or ask client to present a validation token generated by server (this is covered by section 8)
whenever client sends its first UDP packet to server, the server may reply with 'RETRY' packet. The retry packet contains a validation token. Client is supposed to send token back to server as a reply to retry packet. This way can server verofu c;oemt's IP address before TLS handshake completes.
The branch here is a proof of concept which generates retry packet with token. The remaining piece to finish is to add implementation of ossl_quic_verify_retry_integrity_token()
(if I remember correct). Then the whole piece needs to be debugged.
My complexity estimate to finish it is 8.
from project.
Related Issues (20)
- ressurect concurrency api PR for QUIC
- ressurect immediate mode polling QUIC PR HOT 1
- document bug wrangler board HOT 1
- review 1 for clusterfuzz heap overflow in hashtable HOT 1
- review 2 for clusterfuzz heap buffer overflow in hashtable
- Create proposal for deprecation of TLS 1.0/1.1 and DTLS 1.0 protocols HOT 3
- Update the functions for explicitly fetched signature algorithms design
- Investigate breakage of the http3 server demo after a few iterations of client connections HOT 5
- Security Officer
- Bug Wrangler
- 1 review for https://github.com/openssl/openssl/pull/23416
- 2 review for https://github.com/openssl/openssl/pull/23416
- 2 review for https://github.com/openssl/openssl/pull/23416
- Bug/PR Wrangler
- Security Officer
- Add support for composite algorithm names (as well as OIDs for them) in our providers
- Address Clusterfuzz heap buffer overflow
- Review items 1-358 on spreadsheet below
- Review 359-717 on spreadsheet below
- Review items 718-1074 on spreadsheet below
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from project.