Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QUIC Server - Implementation - Server Address Validation Support #302

Closed
Tracked by #52
arapov opened this issue Nov 13, 2023 · 2 comments
Closed
Tracked by #52

QUIC Server - Implementation - Server Address Validation Support #302

arapov opened this issue Nov 13, 2023 · 2 comments
Assignees
@Sashan
Labels
good first issue Any contractor might be able to do useful work here QUIC R2 Chosen for QUIC R2 feature package QUIC
Milestone
3.5.0 Feature Com...

Comments

@arapov
Copy link
Member

arapov commented Nov 13, 2023
edited by hlandau
Loading

Depends on #296
@arapov arapov mentioned this issue Nov 13, 2023
Open
@arapov arapov moved this from New to Backlog in Project Board Nov 13, 2023
@hlandau hlandau added the QUIC label Nov 13, 2023
@hlandau hlandau changed the title Implementation - Server Address Validation Support QUIC Server - Implementation - Server Address Validation Support Nov 13, 2023
@hlandau hlandau added QUIC R2 Chosen for QUIC R2 feature package good first issue Any contractor might be able to do useful work here labels Dec 13, 2023
@arapov arapov moved this from Backlog to To do in Project Board Dec 14, 2023
@nhorman nhorman moved this from New to To do in OpenSSL Release Schedule Apr 18, 2024
@nhorman nhorman added this to the 3.4.0 milestone Apr 19, 2024
@nhorman nhorman mentioned this issue Jun 19, 2024
Closed
@Sashan
Copy link

Sashan commented Jun 24, 2024

there are two branches in my repository:
https://github.com/Sashan/openssl/tree/addr.validation
it enables quic server to send retry packet to challenge client to proceed with IP address validation. the implementation of verify function (ossl_quic_verify_retry_integrity_token()) Is still empty. There are still unanswered questions for Hugo I had, see XXX comments and if 0 sections in code.

The other branch which is related to compliant server is here:
https://github.com/Sashan/openssl/tree/quic.fc
the branch implements mitigation of amplification attack. as described in RFC-9000. Hugo was not happy with my approach. The branch accounts the data from client against connection object if I remember correct. however the data needs to be accounted against QUIC port object. Hugo is right, because port is what understands IP address. I've pushed it to create a reference, but it needs to be reworked completely.

@t8m t8m modified the milestones: 3.4.0, 3.5.0 Sep 10, 2024
@Sashan
Copy link

Sashan commented Nov 1, 2024

Clsoing this issue because iteration is over there are those issues to continue in next iteration:

@Sashan Sashan closed this as completed Nov 1, 2024
@github-project-automation github-project-automation bot moved this from To do to Done in Project Board Nov 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Sashan Sashan

Labels
good first issue Any contractor might be able to do useful work here QUIC R2 Chosen for QUIC R2 feature package QUIC
Projects
Project Board
Status: Done
Milestone
3.5.0 Feature Complete
Development

No branches or pull requests
5 participants
@Sashan @nhorman @arapov @hlandau @t8m