Commit
This is a work-in-progress for a handful of reasons:

1. It's not clear what the best way is to get hold of ECH configs to test with... You need to get these from DNS, but ideally using encrypted DNS-over-HTTPS or you're leaking the servername before the TLS handshake. `dig` supports this but only with a very recent version, which will be annoying (especially on Windows...). We'll also need to decode the BASE64 to get the raw encoded form. We can't easily vendor a copy of a config because these configs tend to be rotated on a fairly frequent basis. The approach I've used for now is to add a test binary that fetches the raw configs for a hardcoded test host using HickoryDNS. This also kind of sucks since a dev-dep on Hickory is fairly large (and without care, breaks our MSRV). Ugh!

2. There's some kind of bug to sort out where some requests to the host w/ ECH work, but some connections are returning data without a content length header and breaking the loop we use to test multiple requests. Need to debug this :-) It's probably something minor? (fingers-crossed).

With the two caveats above in mind, there are some signs of life:

```
RUSTLS_ECH_CONFIG_LIST=tests/research.cloudflare.com.ech.configs.der \
RUSTLS_PLATFORM_VERIFIER=1 \
./target/client research.cloudflare.com 443 /cdn-cgi/trace 2>/dev/null \
| grep "sni="
sni=encrypted
sni=encrypted
sni=encrypted
```
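The commit message describes the pipeline it needs but does not show: the ECH config arrives as the base64 `ech=` SvcParam of a DNS HTTPS record, has to be decoded to its raw encoded form, and only then can be handed to the client. The following is an added example, not code from this commit or from the rustls project, that walks that pipeline in plain Rust: it extracts the `ech=` value from an HTTPS record in DNS presentation format, base64-decodes it with a small hand-rolled decoder (so it needs no crates), and checks the outer ECHConfigList framing from the ECH draft (a uint16 length-prefixed list of `ECHConfig { uint16 version; uint16 length; opaque contents[length]; }`) before anything is written to a config file. The record line and the config bytes are constructed sample data (the version value 0xfe0d is the draft's; the four content bytes are filler, not a real key), and the contents of each ECHConfig are left opaque, since interpreting them is the TLS library's job.

```rust
// Added example (not rustls or commit code): HTTPS record -> ech= base64 ->
// raw ECHConfigList bytes -> parsed outer structure. Sample data is constructed.

const B64_ALPHABET: &[u8; 64] =
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/// Decode standard (padded) base64. Returns None on any malformed input,
/// including truncated input and non-zero padding bits.
pub fn base64_decode(input: &str) -> Option<Vec<u8>> {
    let trimmed = input.trim_end_matches('=');
    let mut out = Vec::with_capacity(trimmed.len() * 3 / 4);
    let mut acc: u32 = 0; // holds the not-yet-emitted low `bits` bits
    let mut bits: u32 = 0;
    for &c in trimmed.as_bytes() {
        let v = B64_ALPHABET.iter().position(|&a| a == c)? as u32;
        acc = (acc << 6) | v;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    // A whole leftover sextet means a truncated string; leftover bits must be zero.
    if bits >= 6 || acc != 0 {
        return None;
    }
    Some(out)
}

#[derive(Debug, PartialEq)]
pub struct EchConfig {
    pub version: u16,
    pub contents: Vec<u8>, // opaque; interpreted per version by the TLS library
}

fn read_u16(bytes: &[u8], at: usize) -> Option<u16> {
    Some(u16::from_be_bytes([*bytes.get(at)?, *bytes.get(at + 1)?]))
}

/// Check the outer ECHConfigList framing and split it into ECHConfig entries.
/// Rejects length fields that disagree with the payload and empty lists.
pub fn parse_ech_config_list(raw: &[u8]) -> Result<Vec<EchConfig>, &'static str> {
    let total = read_u16(raw, 0).ok_or("missing list length")? as usize;
    let body = raw.get(2..).ok_or("truncated list")?;
    if body.len() != total {
        return Err("list length does not match payload");
    }
    let mut configs = Vec::new();
    let mut pos = 0;
    while pos < body.len() {
        let version = read_u16(body, pos).ok_or("truncated ECHConfig header")?;
        let len = read_u16(body, pos + 2).ok_or("truncated ECHConfig header")? as usize;
        let contents = body
            .get(pos + 4..pos + 4 + len)
            .ok_or("ECHConfig length overruns list")?;
        configs.push(EchConfig { version, contents: contents.to_vec() });
        pos += 4 + len;
    }
    if configs.is_empty() {
        return Err("empty ECHConfigList");
    }
    Ok(configs)
}

/// Pull the (possibly quoted) base64 value of the `ech=` SvcParam out of an
/// HTTPS record in presentation format, e.g. `name. 300 IN HTTPS 1 . ech="..."`.
pub fn extract_ech_param(rr: &str) -> Option<&str> {
    let start = rr.find(" ech=")? + " ech=".len();
    let rest = &rr[start..];
    let value = rest.strip_prefix('"').unwrap_or(rest);
    let end = value
        .find(|c: char| c == '"' || c.is_whitespace())
        .unwrap_or(value.len());
    Some(&value[..end])
}

/// Constructed HTTPS record carrying a constructed one-entry ECHConfigList
/// (version 0xfe0d, four filler content bytes). Not a real key.
pub const SAMPLE_HTTPS_RR: &str =
    "research.cloudflare.com. 300 IN HTTPS 1 . alpn=\"h2\" ech=\"AAj+DQAE3q2+7w==\"";

/// End to end: record line -> base64 -> raw bytes -> validated config list.
pub fn configs_from_rr(rr: &str) -> Result<Vec<EchConfig>, &'static str> {
    let b64 = extract_ech_param(rr).ok_or("record has no ech= parameter")?;
    let raw = base64_decode(b64).ok_or("ech= value is not valid base64")?;
    parse_ech_config_list(&raw)
}

fn main() {
    match configs_from_rr(SAMPLE_HTTPS_RR) {
        Ok(cfgs) => {
            for c in &cfgs {
                println!("ECHConfig version 0x{:04x}, {} content bytes", c.version, c.contents.len());
            }
        }
        Err(e) => eprintln!("cannot use record: {e}"),
    }
}
```

Because configs rotate, a fetch-and-validate step like this belongs wherever the raw file the client loads (the `RUSTLS_ECH_CONFIG_LIST` path above) is produced, so that a stale or garbled record fails loudly at fetch time rather than surfacing as a confusing handshake failure later.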