diff options
| author | Dan McArdle <dmcardle@google.com> | 2021-06-09 15:39:37 -0400 |
|---|---|---|
| committer | David Benjamin <davidben@google.com> | 2021-06-16 21:14:59 +0000 |
| commit | 160a8891ae9a1d03f29aec079a67d97bc773990e (patch) | |
| tree | a43d0341e50b0a89eb982c7a733842cab4e0ecfa /go.mod | |
| parent | 9734e4453bd755562e40388fc7e6d36933b10edc (diff) | |
| download | boringssl-160a8891ae9a1d03f29aec079a67d97bc773990e.zip boringssl-160a8891ae9a1d03f29aec079a67d97bc773990e.tar.gz boringssl-160a8891ae9a1d03f29aec079a67d97bc773990e.tar.bz2 | |
Add util/fetch_ech_config_list.go
I wrote this tool to make it easier to test the ECH client against
real-world servers with the bssl client tool. I found that manually
extracting an ECHConfigList from a raw HTTPS record is unnecessarily
painful.
The tool queries DNS over UDP for HTTPS records. If it finds any HTTPS
records in the response, it attempts to extract an ECHConfigList from
the "ech" SvcParam. It can write each extracted ECHConfigList to a file
in a given directory. Once the ECH client implementation lands, the bssl
client tool should have a new flag that that takes the path to an
ECHConfigList file.
I am using golang.org/x/net/dns/dnsmessage to parse the DNS response. I
recently added the |UnknownResource| type to this library to enable
callers (like us) to extract the bytes of otherwise-unsupported records
(like HTTPS). I updated the dependency with `go get -u golang.org/x/net`.
Although the bssl client tool knows how to resolve the address of its
"-connect" parameter, it is difficult to query HTTPS records in a
platform-agnostic way. If we decide the bssl client should directly
query HTTPS rather than leaning on fetch_ech_config_list.go, we should
look into libresolv. Specifically, the |res_query| function enables the
caller to query arbitrary record types. This may open its own can of
cross-platform worms; macOS and Linux typically ship with different
implementations and it is not available on Windows. For more info, see
`man 3 resolver`.
Bug: 275
Change-Id: I705591658921f60a958164a18b68ffb697c2ea4b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44104
Reviewed-by: David Benjamin <davidben@google.com>
Diffstat (limited to 'go.mod')
| -rw-r--r-- | go.mod | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -2,4 +2,7 @@ module boringssl.googlesource.com/boringssl go 1.13 -require golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 +require ( + golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 + golang.org/x/net v0.0.0-20210525063256-abc453219eb5 // indirect +) |