58 changes: 58 additions & 0 deletions rfcs/webtransport_h3_multiple_certs_test_servers.md
@@ -0,0 +1,58 @@
# RFC 234: WebTransport over HTTP/3 Test Server support 5 instances with different certs for validation of certificate hash values

## Summary

Optionally start 5 instances of the [WebTransport over
HTTP/3](https://datatracker.ietf.org/doc/html/draft-ietf-webtrans-http3-01)
server in [RFC
85](https://github.com/web-platform-tests/rfcs/blob/master/rfcs/webtransport_h3_test_server.md)
in wpt, that uses instead of the standard certificate a set of self-signed
certificates with different expiration statuses. The certificates are
autogenerated at the startup of the wpt tests within the python code.

## Details

### Implementation

It is a slight modification of the server from [RFC
85](https://github.com/web-platform-tests/rfcs/blob/master/rfcs/webtransport_h3_test_server.md)
in the `tools/webtransport` directory. The implementation uses the
`cryptography` lib for certificate generation, that is already used by wpt
through the `aioquic` lib.

This is needed to properly test the various requirements for certificate
acceptance in the WebTransport spec: https://w3c.github.io/webtransport/#web-transport-configuration

Proposed implementation is here:
https://phabricator.services.mozilla.com/D278886
and tests using it are here:
https://phabricator.services.mozilla.com/D277256

### Handlers
See [RFC
85](https://github.com/web-platform-tests/rfcs/blob/master/rfcs/webtransport_h3_test_server.md)
for details.

### `wptserve` integration

See [RFC 85](https://github.com/web-platform-tests/rfcs/blob/master/rfcs/webtransport_h3_test_server.md) for details.

This adds a python file to generate server certificates
`tools/webtransport/cert_generator.py` and
`tools/webtransport/generate_test_certs.py`. The tests can access the
server certificate hashes via `tests/webtransport/handlers/cert-hash.py`.

There is a 1-line modification to `environment.py` to define the additional
ports use and a small change to `serve.py` to support starting multiple h3
instances.

### Dependencies

The only dependency are `aioquic` as in RFC 85 and `cryptography`, which is already a dependency of `aioquic`.

## Risks

Risks are similar to [RFC
#85](https://github.com/web-platform-tests/rfcs/blob/master/rfcs/webtransport_h3_test_server.md#risks),
as it is a minimal modification of RFC 85, so that maintenance cost
increase is neglible.
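
Review bot: The Summary and the `wptserve` integration section say five instances are started with certificates of "different expiration statuses", but the text never lists those five certificates or the additional ports defined in `environment.py`. Please add a table mapping each instance to its port, its certificate's validity window and the outcome the tests expect under the linked WebTransport configuration requirements, and state how the "Optionally start" switch is turned on. In the same section, "This adds a python file" is followed by two paths (`cert_generator.py` and `generate_test_certs.py`), so say what each one does. The Risks section defers entirely to RFC 85; it should also cover what is new here: certificates and keys generated at startup, where they are stored, and that `cert-hash.py` exposes only the certificate hashes to tests. Minor wording: "The only dependency are" should be "The only dependencies are", "ports use" should be "ports used", and "neglible" should be "negligible".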