diff options
| author | Dan McArdle <dmcardle@google.com> | 2021-06-09 15:39:37 -0400 |
|---|---|---|
| committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2021-06-16 22:29:27 +0000 |
| commit | 995574c22569576f024ce730fecec9678dfc63ed (patch) | |
| tree | ddb2a80d16df52df6afa8498804b3ab43ba42635 /go.mod | |
| parent | 9a5abe05cc999177bc55949c9243b3bc360595cb (diff) | |
| download | boringssl-995574c22569576f024ce730fecec9678dfc63ed.zip boringssl-995574c22569576f024ce730fecec9678dfc63ed.tar.gz boringssl-995574c22569576f024ce730fecec9678dfc63ed.tar.bz2 | |
Reland "Add util/fetch_ech_config_list.go"
This is a reland of 160a8891ae9a1d03f29aec079a67d97bc773990e with go.mod
and go.sum fixed. This updates golang.org/x/crypto, adds the latest
golang.org/x/net as a direct dependency (it was previously an indirect
dependency via x/crypto), and cleans up stale entries from go.sum with
go mod tidy.
Original change's description:
> Add util/fetch_ech_config_list.go
>
> I wrote this tool to make it easier to test the ECH client against
> real-world servers with the bssl client tool. I found that manually
> extracting an ECHConfigList from a raw HTTPS record is unnecessarily
> painful.
>
> The tool queries DNS over UDP for HTTPS records. If it finds any HTTPS
> records in the response, it attempts to extract an ECHConfigList from
> the "ech" SvcParam. It can write each extracted ECHConfigList to a file
> in a given directory. Once the ECH client implementation lands, the bssl
> client tool should have a new flag that that takes the path to an
> ECHConfigList file.
>
> I am using golang.org/x/net/dns/dnsmessage to parse the DNS response. I
> recently added the |UnknownResource| type to this library to enable
> callers (like us) to extract the bytes of otherwise-unsupported records
> (like HTTPS). I updated the dependency with `go get -u golang.org/x/net`.
>
> Although the bssl client tool knows how to resolve the address of its
> "-connect" parameter, it is difficult to query HTTPS records in a
> platform-agnostic way. If we decide the bssl client should directly
> query HTTPS rather than leaning on fetch_ech_config_list.go, we should
> look into libresolv. Specifically, the |res_query| function enables the
> caller to query arbitrary record types. This may open its own can of
> cross-platform worms; macOS and Linux typically ship with different
> implementations and it is not available on Windows. For more info, see
> `man 3 resolver`.
>
> Bug: 275
> Change-Id: I705591658921f60a958164a18b68ffb697c2ea4b
> Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44104
> Reviewed-by: David Benjamin <davidben@google.com>
Bug: 275
Change-Id: I9571e96c7a2ad7e239d86a353929a4e556d71287
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48106
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Diffstat (limited to 'go.mod')
| -rw-r--r-- | go.mod | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -2,4 +2,7 @@ module boringssl.googlesource.com/boringssl go 1.13 -require golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 +require ( + golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a + golang.org/x/net v0.0.0-20210614182718-04defd469f4e +) |