Support Multiple Credentials in Kernel Mode Schannel #4096

Open
wants to merge 9 commits into
base: main

nibanks (Member) commented Jan 29, 2024

Description

Adds a new API to support passing multiple credentials to Schannel in kernel mode. Fixes #3141.

Testing

TODO

Documentation

TODO


codecov bot commented Jan 29, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 84.23%. Comparing base (9cab5bf) to head (d1b016a).
Report is 6 commits behind head on main.

Current head d1b016a differs from pull request most recent head 2f8afbd

Please upload reports for the commit 2f8afbd to get more accurate results.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4096      +/-   ##
==========================================
- Coverage   86.04%   84.23%   -1.82%     
==========================================
  Files          56       56              
  Lines       15382    15384       +2     
==========================================
- Hits        13236    12958     -278     
- Misses       2146     2426     +280     


anrossi (Contributor) commented Jan 29, 2024

Looks fine to me.
Regarding testing, the setup script could create two certificates for the server, instead of just one (which chain up to the same root certificate), and those two certificates could have different parameters (key algorithm, and hash algorithm).
Then the client could ban one algorithm in its configuration that matches one server cert, but not the other, and ensure the client connects successfully, and then ban the other algorithm and verify again. Also, ban both, and verify the client fails.
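
The certificate setup proposed in the comment above could look like the following. This is an added example, not code from the pull request or from the project's setup script. The subject names, the `Cert:\LocalMachine\My` store, the 30-day lifetime and the RSA/SHA256 and ECDSA P-384/SHA384 pairing are all assumptions, and it needs an elevated prompt.

```powershell
# Added example: constructed names and parameters, not the project's setup script.
$ErrorActionPreference = 'Stop'
$store = 'Cert:\LocalMachine\My'    # assumption: store the test server loads credentials from
$notAfter = (Get-Date).AddDays(30)  # short-lived, test use only

# One root CA that both server certificates chain up to.
$rootArgs = @{
    Subject = 'CN=ExampleTestRoot'; KeyAlgorithm = 'RSA'; KeyLength = 4096
    HashAlgorithm = 'SHA256'; KeyUsage = 'CertSign', 'CRLSign'
    TextExtension = @('2.5.29.19={text}CA=true')   # basic constraints: CA
    CertStoreLocation = $store; NotAfter = $notAfter
}
$root = New-SelfSignedCertificate @rootArgs

# Settings shared by both leaf certificates.
$leaf = @{
    DnsName = 'localhost'; Signer = $root; KeyUsage = 'DigitalSignature'
    TextExtension = @('2.5.29.37={text}1.3.6.1.5.5.7.3.1')   # EKU: server authentication
    CertStoreLocation = $store; NotAfter = $notAfter
}
# Two server certificates that differ in key algorithm and hash algorithm.
$rsaCert = New-SelfSignedCertificate @leaf -Subject 'CN=ExampleServerRsa' `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256
$ecCert = New-SelfSignedCertificate @leaf -Subject 'CN=ExampleServerEcdsa' `
    -KeyAlgorithm ECDSA_nistP384 -CurveExport CurveName -HashAlgorithm SHA384

# Trust the root on the test machine so chain building succeeds.
$rootFile = Join-Path $env:TEMP 'ExampleTestRoot.cer'
Export-Certificate -Cert $root -FilePath $rootFile | Out-Null
Import-Certificate -FilePath $rootFile -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# Sanity check: each leaf chains to the same root and has the intended parameters.
foreach ($cert in $rsaCert, $ecCert) {
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # test certs publish no CRL
    $built = $chain.Build($cert)
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    [pscustomobject]@{
        Subject      = $cert.Subject
        KeyAlgorithm = $cert.PublicKey.Oid.FriendlyName
        Signature    = $cert.SignatureAlgorithm.FriendlyName
        ChainsToRoot = $built -and ($top.Thumbprint -eq $root.Thumbprint)
    }
}
# Test matrix from the comment: client bans the RSA cert's algorithm -> connects;
# bans the ECDSA cert's algorithm -> connects; bans both -> connection fails.
```

Remove the three certificates from both stores after the test run so the test root does not stay trusted on the machine.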

Successfully merging this pull request may close these issues.

Support for multiple server certificates