add ALPS extension with support for new_codepoint (#834)

Author: ntrippar

.github/workflows/CI.yml

@@ -41,13 +41,6 @@ jobs:
         with:
           env-vars: "RUST_TOOLCHAIN=${{ matrix.toolchain }}"
           key: ${{ matrix.os }}-${{ matrix.toolchain }}
-        # https://github.com/rust-lang/cmake-rs/pull/259 breaks handling of long Windows paths
-        # https://github.com/cloudflare/boring/issues/414
-        # https://github.com/0x676e67/boring/commit/efacedb5bf409d0d773e8ce4f5080cb4b4c10f54
-      - name: Pin some dependencies, temporary patch for cmake breakage
-        if: startsWith(matrix.os, 'windows')
-        run: |
-          cargo update --package cmake --precise 0.1.54
       - name: check
         run: |
           cargo check --workspace --all-targets --all-features
@@ -89,13 +82,6 @@ jobs:
         with:
           env-vars: "RUST_TOOLCHAIN=${{ matrix.toolchain }}"
           key: ${{ matrix.os }}-${{ matrix.toolchain }}
-        # https://github.com/rust-lang/cmake-rs/pull/259 breaks handling of long Windows paths
-        # https://github.com/cloudflare/boring/issues/414
-        # https://github.com/0x676e67/boring/commit/efacedb5bf409d0d773e8ce4f5080cb4b4c10f54
-      - name: Pin some dependencies, temporary patch for cmake breakage
-        if: startsWith(matrix.os, 'windows')
-        run: |
-          cargo update --package cmake --precise 0.1.54
       - name: clippy
         run: |
           cargo clippy --workspace --all-targets --all-features
@@ -142,13 +128,6 @@ jobs:
         with:
           key: ${{ matrix.os }}-${{ matrix.toolchain }}-${{ matrix.target }}
           env-vars: "RUST_TOOLCHAIN=${{ matrix.toolchain }}"
-        # https://github.com/rust-lang/cmake-rs/pull/259 breaks handling of long Windows paths
-        # https://github.com/cloudflare/boring/issues/414
-        # https://github.com/0x676e67/boring/commit/efacedb5bf409d0d773e8ce4f5080cb4b4c10f54
-      - name: Pin some dependencies, temporary patch for cmake breakage
-        if: startsWith(matrix.os, 'windows')
-        run: |
-          cargo update --package cmake --precise 0.1.54
       - name: Run tests (cargo test)
         run: cargo nextest run --all-features --workspace
       - name: Run doc tests (cargo test)
@@ -308,34 +287,39 @@ jobs:
           env-vars: "RUST_TOOLCHAIN=${{ matrix.rust }}"
           key: ${{ matrix.os }}-${{ matrix.rust }}-${{ matrix.target }}
       - run: rustup target add ${{ matrix.target }}
-      - name: Setup Android NDK
-        if: endsWith(matrix.thing, '-android')
-        uses: nttld/setup-ndk@v1
-        with:
-          ndk-version: r26d
       - name: Configure Android toolchain env
         if: endsWith(matrix.thing, '-android')
         shell: bash
         run: |
           ANDROID_API=21
+
+          # Normalize NDK env vars
+          echo "ANDROID_NDK_HOME=${ANDROID_NDK_HOME:-$ANDROID_NDK}" >> "$GITHUB_ENV"
+          echo "ANDROID_NDK=${ANDROID_NDK:-$ANDROID_NDK_HOME}" >> "$GITHUB_ENV"
+
           TOOLCHAIN="${ANDROID_NDK_HOME}/toolchains/llvm/prebuilt/linux-x86_64/bin"
           echo "${TOOLCHAIN}" >> "$GITHUB_PATH"
 
           TRIPLE="${{ matrix.target }}"
-
-          # What Cargo expects for the linker env var name
           TARGET_UPPER="$(echo "${TRIPLE}" | tr '[:lower:]-' '[:upper:]_')"
-
-          # What cc-rs expects for CC_*/CXX_* env var names
           TARGET_LOWER_UNDERSCORES="$(echo "${TRIPLE}" | tr '-' '_' | tr '[:upper:]' '[:lower:]')"
-
-          # What the NDK clang wrapper is called
           NDK_TRIPLE="$(echo "${TRIPLE}" | sed 's/^armv7/armv7a/')"
 
-          echo "CARGO_TARGET_${TARGET_UPPER}_LINKER=${TOOLCHAIN}/${NDK_TRIPLE}${ANDROID_API}-clang++" >> "$GITHUB_ENV"
-          echo "CC_${TARGET_LOWER_UNDERSCORES}=${TOOLCHAIN}/${NDK_TRIPLE}${ANDROID_API}-clang" >> "$GITHUB_ENV"
-          echo "CXX_${TARGET_LOWER_UNDERSCORES}=${TOOLCHAIN}/${NDK_TRIPLE}${ANDROID_API}-clang++" >> "$GITHUB_ENV"
-          echo "AR_${TARGET_LOWER_UNDERSCORES}=${TOOLCHAIN}/llvm-ar" >> "$GITHUB_ENV"
+          CC_PATH="${TOOLCHAIN}/${NDK_TRIPLE}${ANDROID_API}-clang"
+          CXX_PATH="${TOOLCHAIN}/${NDK_TRIPLE}${ANDROID_API}-clang++"
+          AR_PATH="${TOOLCHAIN}/llvm-ar"
+
+          echo "CARGO_TARGET_${TARGET_UPPER}_LINKER=${CXX_PATH}" >> "$GITHUB_ENV"
+
+          # Target specific for cc-rs style
+          echo "CC_${TARGET_LOWER_UNDERSCORES}=${CC_PATH}" >> "$GITHUB_ENV"
+          echo "CXX_${TARGET_LOWER_UNDERSCORES}=${CXX_PATH}" >> "$GITHUB_ENV"
+          echo "AR_${TARGET_LOWER_UNDERSCORES}=${AR_PATH}" >> "$GITHUB_ENV"
+
+          # Also set generic vars in case your Config only reads CC/CXX/AR
+          echo "CC=${CC_PATH}" >> "$GITHUB_ENV"
+          echo "CXX=${CXX_PATH}" >> "$GITHUB_ENV"
+          echo "AR=${AR_PATH}" >> "$GITHUB_ENV"
       - name: check
         env: ${{ matrix.custom_env }}
         run: |
@@ -415,13 +399,6 @@ jobs:
         with:
           key: ${{ matrix.os }}-${{ matrix.toolchain }}
           env-vars: "RUST_TOOLCHAIN=${{ matrix.toolchain }}"
-        # https://github.com/rust-lang/cmake-rs/pull/259 breaks handling of long Windows paths
-        # https://github.com/cloudflare/boring/issues/414
-        # https://github.com/0x676e67/boring/commit/efacedb5bf409d0d773e8ce4f5080cb4b4c10f54
-      - name: Pin some dependencies, temporary patch for cmake breakage
-        if: startsWith(matrix.os, 'windows')
-        run: |
-          cargo update --package cmake --precise 0.1.54
       - name: Run tests (--ignored)
         run: |
           cargo nextest run --all-features --workspace --run-ignored=only
@@ -454,13 +431,6 @@ jobs:
         with:
           key: ${{ matrix.os }}-${{ matrix.toolchain }}
           env-vars: "RUST_TOOLCHAIN=${{ matrix.toolchain }}"
-        # https://github.com/rust-lang/cmake-rs/pull/259 breaks handling of long Windows paths
-        # https://github.com/cloudflare/boring/issues/414
-        # https://github.com/0x676e67/boring/commit/efacedb5bf409d0d773e8ce4f5080cb4b4c10f54
-      - name: Pin some dependencies, temporary patch for cmake breakage
-        if: startsWith(matrix.os, 'windows')
-        run: |
-          cargo update --package cmake --precise 0.1.54
       - name: Run tests in release mode (--ignored)
         run: |
           cargo nextest run --all-features --release --workspace --run-ignored=only

Cargo.lock

@@ -173,8 +173,8 @@ quickcheck_macros = "1.1"
 quote = "1.0"
 radix_trie = "0.3"
 rama = { version = "0.3.0-rc1", path = "." }
-rama-boring = "0.5.10"
-rama-boring-tokio = "0.5.10"
+rama-boring = "0.5.12"
+rama-boring-tokio = "0.5.12"
 rama-core = { version = "0.3.0-rc1", path = "./rama-core" }
 rama-crypto = { version = "0.3.0-rc1", path = "./rama-crypto" }
 rama-dns = { version = "0.3.0-rc1", path = "./rama-dns" }

Cargo.toml

@@ -59,23 +59,23 @@ as a distant relative.
 These are forks made within other code repositories,
 but still directly in function of Rama.
 
-- <https://github.com/cloudflare/boring/tree/47c33f64284a905bd1c26dc59c5eec6f5f38bf8b>
+- <https://github.com/cloudflare/boring/tree/e71b24328f1cd787f64036d8208a4470ae58e200>
   - boring:
     - Fork: <https://github.com/plabayo/rama-boring/tree/7b3fb171483c6250dc607520cd7cc71c85843ee1/boring>
     - License:
-      - Original: <https://github.com/cloudflare/boring/blob/47c33f64284a905bd1c26dc59c5eec6f5f38bf8b/boring/LICENSE>
+      - Original: <https://github.com/cloudflare/boring/blob/e71b24328f1cd787f64036d8208a4470ae58e200/boring/LICENSE>
       - Type: Apache 2.0
       - Copy: [./licenses/boring](./licenses/boring)
   - boring-sys:
     - Fork: <https://github.com/plabayo/rama-boring/tree/7b3fb171483c6250dc607520cd7cc71c85843ee1/boring-sys>
     - License:
-      - Original: <https://github.com/cloudflare/boring/blob/47c33f64284a905bd1c26dc59c5eec6f5f38bf8b/boring-sys/LICENSE-MIT>
+      - Original: <https://github.com/cloudflare/boring/blob/e71b24328f1cd787f64036d8208a4470ae58e200/boring-sys/LICENSE-MIT>
       - Type: MIT
       - Copy: [./licenses/boring-sys](./licenses/boring-sys)
   - tokio-boring:
     - Fork: <https://github.com/plabayo/rama-boring/tree/7b3fb171483c6250dc607520cd7cc71c85843ee1/tokio-boring>
     - License:
-      - Original: <https://github.com/cloudflare/boring/blob/47c33f64284a905bd1c26dc59c5eec6f5f38bf8b/tokio-boring/LICENSE-MIT>
+      - Original: <https://github.com/cloudflare/boring/blob/e71b24328f1cd787f64036d8208a4470ae58e200/tokio-boring/LICENSE-MIT>
       - Type: MIT
       - Copy: [./licenses/tokio-boring](./licenses/tokio-boring)
 

docs/thirdparty/fork/README.md

@@ -503,12 +503,14 @@ pub(super) async fn get_tls_display_info_and_store(
                         )),
                     }
                 }
-                ClientHelloExtension::ApplicationSettings(v) => TlsDisplayInfoExtension {
-                    id: extension.id().to_string(),
-                    data: Some(TlsDisplayInfoExtensionData::Multi(
-                        v.iter().map(|s| s.to_string()).collect(),
-                    )),
-                },
+                ClientHelloExtension::ApplicationSettings { protocols, .. } => {
+                    TlsDisplayInfoExtension {
+                        id: extension.id().to_string(),
+                        data: Some(TlsDisplayInfoExtensionData::Multi(
+                            protocols.iter().map(|s| s.to_string()).collect(),
+                        )),
+                    }
+                }
                 ClientHelloExtension::SupportedGroups(v) => TlsDisplayInfoExtension {
                     id: extension.id().to_string(),
                     data: Some(TlsDisplayInfoExtensionData::Multi(

rama-cli/src/cmd/serve/fp/data.rs

@@ -143,8 +143,8 @@ impl ClientHello {
     #[must_use]
     pub fn ext_alps(&self) -> Option<&[ApplicationProtocol]> {
         for ext in &self.extensions {
-            if let ClientHelloExtension::ApplicationSettings(alpns) = ext {
-                return Some(&alpns[..]);
+            if let ClientHelloExtension::ApplicationSettings { protocols, .. } = ext {
+                return Some(&protocols[..]);
             }
         }
         None
@@ -239,7 +239,12 @@ pub enum ClientHelloExtension {
     /// # Reference
     ///
     /// - <https://www.ietf.org/archive/id/draft-vvv-tls-alps-01.html>
-    ApplicationSettings(Vec<ApplicationProtocol>),
+    ApplicationSettings {
+        /// application protocols supported for settings negotiation
+        protocols: Vec<ApplicationProtocol>,
+        /// whether to use the new ALPS extension codepoint (0x44cd) or the old one (0x4469)
+        new_codepoint: bool,
+    },
     /// used by the client to indicate which versions of TLS it supports
     ///
     /// # Reference
@@ -291,7 +296,13 @@ impl ClientHelloExtension {
             Self::ApplicationLayerProtocolNegotiation(_) => {
                 ExtensionId::APPLICATION_LAYER_PROTOCOL_NEGOTIATION
             }
-            Self::ApplicationSettings(_) => ExtensionId::APPLICATION_SETTINGS,
+            Self::ApplicationSettings { new_codepoint, .. } => {
+                if *new_codepoint {
+                    ExtensionId::APPLICATION_SETTINGS
+                } else {
+                    ExtensionId::OLD_APPLICATION_SETTINGS
+                }
+            }
             Self::SupportedVersions(_) => ExtensionId::SUPPORTED_VERSIONS,
             Self::CertificateCompression(_) => ExtensionId::COMPRESS_CERTIFICATE,
             Self::DelegatedCredentials(_) => ExtensionId::DELEGATED_CREDENTIAL,