
Commit 03ab63a

committed
WIP
1 parent f3204cf commit 03ab63a


1 file changed

+72
-29
lines changed


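--- a/src/config.ts
+++ b/src/config.ts
@@ -1,31 +1,60 @@
 import type { Config as QuicheConfig } from './native/types';
 import { quiche } from './native';
 
-// All the algos chrome supports + ed25519
-const supportedPrivateKeyAlgosDefault =
-'ed25519:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512';
-
-export type TlsConfig =
-| {
-certChainPem: string | null;
-privKeyPem: string | null;
-}
-| {
-certChainFromPemFile: string | null;
-privKeyFromPemFile: string | null;
-};
 
 type QUICConfig = {
-// This is the same style as TLS in node.js, where Uint8Array or strings can be used
-ca?: string | Array<string> | Uint8Array | Array<Uint8Array>;
-
 
-tlsConfig: TlsConfig | undefined;
+/**
+* Private key as a PEM string or Uint8Array buffer containing PEM formatted
+* key. You can pass multiple keys. The number of keys must match the number
+* of certs. Each key must be associated to the the corresponding cert chain.
+*/
+key?: string | Array<string> | Uint8Array | Array<Uint8Array>;
+
+/**
+* X.509 certificate chain in PEM format or Uint8Array buffer containing
+* PEM formatted certificate chain. Each string or Uint8Array is a
+* certificate chain in subject to issuer order. Multiple certificate chains
+* can be passed. The number of certificate chains must match the number of
+* keys. Each certificate chain must be associated to the corresponding key.
+*/
+cert?: string | Array<string> | Uint8Array | Array<Uint8Array>;
+
+/**
+* Certificate authority certificate in PEM format or Uint8Array buffer
+* containing PEM formatted certificate. Each string or Uint8Array can be
+* one certificate or multiple certificates concatenated together. The order
+* does not matter, each is an independent certificate authority. Multiple
+* concatenated certificate authorities can be passed. They are all
+* concatenated together.
+*
+* When this is not set, this defaults to the operating system's CA
+* certificates. OpenSSL (and forks of OpenSSL) all support the
+* environment variables `SSL_CERT_DIR` and `SSL_CERT_FILE`.
+*/
+ca?: string | Array<string> | Uint8Array | Array<Uint8Array>;
 
-// verifyPem: string | undefined;
-// verifyFromPemFile: string | undefined;
+/**
+* Colon separated list of supported signature algorithms.
+*
+* When this is not set, this defaults to the following list:
+* - rsa_pkcs1_sha256
+* - rsa_pkcs1_sha384
+* - rsa_pkcs1_sha512
+* - rsa_pss_rsae_sha256
+* - rsa_pss_rsae_sha384
+* - rsa_pss_rsae_sha512
+* - rsa_pss_pss_sha256
+* - rsa_pss_pss_sha384
+* - rsa_pss_pss_sha512
+* - ecdsa_secp256r1_sha256
+* - ecdsa_secp384r1_sha384
+* - ecdsa_secp521r1_sha512
+* - ed25519
+* - ed448
+*/
+sigalgs?: string;
 
-supportedPrivateKeyAlgos: string | undefined;
 verifyPeer: boolean;
 logKeys: string | undefined;
 grease: boolean;
@@ -42,12 +71,28 @@ type QUICConfig = {
 enableEarlyData: boolean;
 };
 
+const sigalgs = [
+'rsa_pkcs1_sha256',
+'rsa_pkcs1_sha384',
+'rsa_pkcs1_sha512',
+'rsa_pss_rsae_sha256',
+'rsa_pss_rsae_sha384',
+'rsa_pss_rsae_sha512',
+'rsa_pss_pss_sha256',
+'rsa_pss_pss_sha384',
+'rsa_pss_pss_sha512',
+'ecdsa_secp256r1_sha256',
+'ecdsa_secp384r1_sha384',
+'ecdsa_secp521r1_sha512',
+'ed25519',
+'ed448',
+].join(':');
+
 const clientDefault: QUICConfig = {
 ca: undefined,
-tlsConfig: undefined,
-// verifyPem: undefined,
-// verifyFromPemFile: undefined,
-supportedPrivateKeyAlgos: supportedPrivateKeyAlgosDefault,
+key: undefined,
+cert: undefined,
+sigalgs,
 logKeys: undefined,
 verifyPeer: true,
 grease: true,
@@ -66,11 +111,9 @@ const clientDefault: QUICConfig = {
 
 const serverDefault: QUICConfig = {
 ca: undefined,
-tlsConfig: undefined,
-
-// verifyPem: undefined,
-// verifyFromPemFile: undefined,
-supportedPrivateKeyAlgos: supportedPrivateKeyAlgosDefault,
+key: undefined,
+cert: undefined,
+sigalgs,
 logKeys: undefined,
 verifyPeer: false,
 grease: true,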
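Review bot: The doc comment on `sigalgs` in the first hunk hard-codes the same fourteen-entry default that the `sigalgs` constant in the second hunk defines, so the two copies will drift the first time one is edited; replace the enumerated list in the comment with `* When this is not set, this defaults to the module's \`sigalgs\` constant (all TLS 1.3 signature schemes this build is expected to support).` and keep the authoritative list in the constant only. The `key` and `cert` comments also state an invariant — the number of keys must equal the number of certificate chains and they must pair up positionally — that nothing in this file checks, so presumably the consumer of `QUICConfig` validates it; confirm that, or document where the check lives, since a silent mismatch would pair a key with the wrong chain. Separately, if the native layer is BoringSSL-backed as quiche normally is, `ed448` is not a signature scheme BoringSSL implements, so applying this default list to the native `Config` may be rejected outright rather than just ignored; worth confirming against the native API before this default ships.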
