impl: uquic with utls

2025-04-03 04:07:35 +03:00 · 2023-07-29 23:45:16 -06:00 · 2023-07-29 23:45:16 -06:00 · fca46117e4
commit fca46117e4
parent 251b3afe6e
56 changed files with 445 additions and 88 deletions
--- a/http3/client.go
+++ b/http3/client.go
@ -2,7 +2,6 @@ package http3

 import (
 	"context"
-	"crypto/tls"
 	"errors"
 	"fmt"
 	"io"
@ -13,6 +12,10 @@ import (
 	"sync/atomic"
 	"time"

+	ctls "crypto/tls"
+
+	tls "github.com/refraction-networking/utls"
+
 	"github.com/quic-go/quic-go"
 	"github.com/quic-go/quic-go/internal/protocol"
 	"github.com/quic-go/quic-go/internal/utils"
@ -424,7 +427,25 @@ func (c *client) doRequest(req *http.Request, conn quic.EarlyConnection, str qui
 		return nil, newStreamError(ErrCodeMessageError, err)
 	}
 	connState := conn.ConnectionState().TLS
-	res.TLS = &connState
+
+	// [UQUIC] copy utls.ConnectionState to crypto/tls.ConnectionState
+	cryptoConnState := &ctls.ConnectionState{
+		Version:                     connState.Version,
+		HandshakeComplete:           connState.HandshakeComplete,
+		DidResume:                   connState.DidResume,
+		CipherSuite:                 connState.CipherSuite,
+		NegotiatedProtocol:          connState.NegotiatedProtocol,
+		NegotiatedProtocolIsMutual:  connState.NegotiatedProtocolIsMutual,
+		ServerName:                  connState.ServerName,
+		PeerCertificates:            connState.PeerCertificates,
+		VerifiedChains:              connState.VerifiedChains,
+		SignedCertificateTimestamps: connState.SignedCertificateTimestamps,
+		OCSPResponse:                connState.OCSPResponse,
+		TLSUnique:                   connState.TLSUnique,
+	}
+	res.TLS = cryptoConnState
+	// [/UQUIC]
+
 	res.Request = req
 	// Check that the server doesn't send more data in DATA frames than indicated by the Content-Length header (if set).
 	// See section 4.1.2 of RFC 9114.
--- a/http3/client_test.go
+++ b/http3/client_test.go
@ -4,7 +4,6 @@ import (
 	"bytes"
 	"compress/gzip"
 	"context"
-	"crypto/tls"
 	"errors"
 	"fmt"
 	"io"
@ -12,6 +11,8 @@ import (
 	"sync"
 	"time"

+	tls "github.com/refraction-networking/utls"
+
 	"github.com/quic-go/quic-go"
 	mockquic "github.com/quic-go/quic-go/internal/mocks/quic"
 	"github.com/quic-go/quic-go/internal/protocol"
--- a/http3/roundtrip.go
+++ b/http3/roundtrip.go
@ -2,7 +2,6 @@ package http3

 import (
 	"context"
-	"crypto/tls"
 	"errors"
 	"fmt"
 	"io"
@ -12,6 +11,8 @@ import (
 	"sync"
 	"sync/atomic"

+	tls "github.com/refraction-networking/utls"
+
 	"golang.org/x/net/http/httpguts"

 	"github.com/quic-go/quic-go"
@ -87,6 +88,9 @@ type RoundTripper struct {
 	newClient func(hostname string, tlsConf *tls.Config, opts *roundTripperOpts, conf *quic.Config, dialer dialFunc) (roundTripCloser, error) // so we can mock it in tests
 	clients   map[string]*roundTripCloserWithCount
 	transport *quic.Transport
+
+	// [UQUIC]
+	ClientHelloSpec *tls.ClientHelloSpec
 }

 // RoundTripOpt are options for the Transport.RoundTripOpt method.
@ -189,7 +193,10 @@ func (r *RoundTripper) getClient(hostname string, onlyCached bool) (rtc *roundTr
 				if err != nil {
 					return nil, false, err
 				}
-				r.transport = &quic.Transport{Conn: udpConn}
+				r.transport = &quic.Transport{
+					Conn:            udpConn,
+					ClientHelloSpec: r.ClientHelloSpec,
+				}
 			}
 			dial = r.makeDialer()
 		}
--- a/http3/roundtrip_test.go
+++ b/http3/roundtrip_test.go
@ -3,13 +3,14 @@ package http3
 import (
 	"bytes"
 	"context"
-	"crypto/tls"
 	"errors"
 	"io"
 	"net/http"
 	"sync/atomic"
 	"time"

+	tls "github.com/refraction-networking/utls"
+
 	"github.com/quic-go/quic-go"
 	"github.com/quic-go/quic-go/internal/qerr"

--- a/http3/server.go
+++ b/http3/server.go
@ -2,7 +2,7 @@ package http3

 import (
 	"context"
-	"crypto/tls"
+	ctls "crypto/tls"
 	"errors"
 	"fmt"
 	"io"
@ -13,6 +13,8 @@ import (
 	"sync"
 	"time"

+	tls "github.com/refraction-networking/utls"
+
 	"github.com/quic-go/quic-go"
 	"github.com/quic-go/quic-go/internal/protocol"
 	"github.com/quic-go/quic-go/internal/utils"
@ -577,7 +579,25 @@ func (s *Server) handleRequest(conn quic.Connection, str quic.Stream, decoder *q
 	}

 	connState := conn.ConnectionState().TLS
-	req.TLS = &connState
+
+	// [UQUIC] copy utls.ConnectionState to crypto/tls.ConnectionState
+	cryptoConnState := &ctls.ConnectionState{
+		Version:                     connState.Version,
+		HandshakeComplete:           connState.HandshakeComplete,
+		DidResume:                   connState.DidResume,
+		CipherSuite:                 connState.CipherSuite,
+		NegotiatedProtocol:          connState.NegotiatedProtocol,
+		NegotiatedProtocolIsMutual:  connState.NegotiatedProtocolIsMutual,
+		ServerName:                  connState.ServerName,
+		PeerCertificates:            connState.PeerCertificates,
+		VerifiedChains:              connState.VerifiedChains,
+		SignedCertificateTimestamps: connState.SignedCertificateTimestamps,
+		OCSPResponse:                connState.OCSPResponse,
+		TLSUnique:                   connState.TLSUnique,
+	}
+	req.TLS = cryptoConnState
+	// [/UQUIC]
+
 	req.RemoteAddr = conn.RemoteAddr().String()

 	// Check that the client doesn't send more data in DATA frames than indicated by the Content-Length header (if set).
--- a/http3/server_test.go
+++ b/http3/server_test.go
@ -3,7 +3,6 @@ package http3
 import (
 	"bytes"
 	"context"
-	"crypto/tls"
 	"errors"
 	"fmt"
 	"io"
@ -13,6 +12,8 @@ import (
 	"sync/atomic"
 	"time"

+	tls "github.com/refraction-networking/utls"
+
 	"github.com/quic-go/quic-go"
 	mockquic "github.com/quic-go/quic-go/internal/mocks/quic"
 	"github.com/quic-go/quic-go/internal/protocol"