# Week7 Update
## TL;DR
1. The basic connectivity test of `QuicTransport` works. Made the draft [PR](https://github.com/zen-eth/zig-libp2p/pull/30) ready for review.
2. Fixed the Zig and C/C++ compiler difference issue by adding C flags. Opened the [PR](https://github.com/zen-eth/lsquic/pull/1).
3. Fixed the issue where the handshake could not be promoted by adding the ALPN and certificate signature algorithm list to the SSL context.
## C flags in the `build.zig`
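We can specify the C flags in `build.zig` and let the Zig compiler use C-like approaches to optimize. Note that `-fno-sanitize=undefined` disables the undefined-behaviour sanitizer that Zig otherwise enables for C sources in Debug builds, so undefined behaviour in these C files is no longer trapped at runtime.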
```zig
c_flags.appendSlice(&.{
    "-DLSQUIC_DEBUG_NEXT_ADV_TICK=1",
    "-DLSQUIC_CONN_STATS=1",
    "-DLSQUIC_DEVEL=1",
    "-DLSQUIC_WEBTRANSPORT_SERVER_SUPPORT=1",
    "-fno-sanitize=undefined",
}) catch @panic("OOM");
if (optimize == .Debug) {
    c_flags.appendSlice(&.{ "-O0", "-g3" }) catch @panic("OOM");
} else {
    c_flags.appendSlice(&.{ "-O3", "-g0" }) catch @panic("OOM");
}
lib.addCSourceFiles(.{
    .root = upstream.path("src/liblsquic"),
    .files = lsquic_files,
    .flags = c_flags.items,
});
lib.addCSourceFile(.{ .file = lsqpack_dep.path("lsqpack.c"), .flags = c_flags.items });
lib.addCSourceFile(.{ .file = lshpack_dep.path("lshpack.c"), .flags = c_flags.items });
lib.addCSourceFile(.{ .file = lshpack_dep.path("deps/xxhash/xxhash.c"), .flags = c_flags.items });
```
## libp2p SSL Context
The SSL context must specify ALPN so that the handshake can be promoted. After that, the certificate signature algorithm list is used to verify the certificate signature first, and then the customized certificate verification callback is called.
```zig
fn initSslContext(subject_key: *ssl.EVP_PKEY, cert: *ssl.X509) !*ssl.SSL_CTX {
    const ssl_ctx = ssl.SSL_CTX_new(ssl.TLS_method()) orelse return error.InitializationFailed;
    // Free the context if any later step returns an error, so it is not leaked.
    errdefer ssl.SSL_CTX_free(ssl_ctx);
    // Limit the protocol versions to TLS 1.3 only.
    // This is required for QUIC to work properly.
    if (ssl.SSL_CTX_set_min_proto_version(ssl_ctx, ssl.TLS1_3_VERSION) == 0)
        return error.InitializationFailed;
    if (ssl.SSL_CTX_set_max_proto_version(ssl_ctx, ssl.TLS1_3_VERSION) == 0)
        return error.InitializationFailed;
    // Disable older protocols and compression.
    if (ssl.SSL_CTX_set_options(ssl_ctx, ssl.SSL_OP_NO_TLSv1 | ssl.SSL_OP_NO_TLSv1_1 | ssl.SSL_OP_NO_TLSv1_2 | ssl.SSL_OP_NO_COMPRESSION | ssl.SSL_OP_NO_SSLv2 | ssl.SSL_OP_NO_SSLv3) == 0)
        return error.InitializationFailed;
    // Require a certificate from the peer and fail the handshake if none is provided.
    ssl.SSL_CTX_set_verify(ssl_ctx, ssl.SSL_VERIFY_PEER | ssl.SSL_VERIFY_FAIL_IF_NO_PEER_CERT | ssl.SSL_VERIFY_CLIENT_ONCE, null);
    // The custom callback replaces the default X.509 chain verification,
    // so every check on the peer's certificate must happen inside it.
    ssl.SSL_CTX_set_cert_verify_callback(ssl_ctx, tls.libp2pVerifyCallback, null);
    // Set the certificate signature algorithm preferences for the SSL context.
    if (ssl.SSL_CTX_set_verify_algorithm_prefs(ssl_ctx, SignatureAlgs.ptr, @intCast(SignatureAlgs.len)) == 0)
        @panic("SSL_CTX_set_verify_algorithm_prefs failed\n");
    // Set the SSL context to use the provided subject key and certificate.
    if (ssl.SSL_CTX_use_PrivateKey(ssl_ctx, subject_key) == 0) {
        @panic("SSL_CTX_use_PrivateKey failed");
    }
    if (ssl.SSL_CTX_use_certificate(ssl_ctx, cert) == 0) {
        @panic("SSL_CTX_use_certificate failed");
    }
    // Set the ALPN protocols for the SSL context.
    // Unlike most calls here, SSL_CTX_set_alpn_protos returns 0 on success.
    if (ssl.SSL_CTX_set_alpn_protos(ssl_ctx, tls.ALPN_PROTOS.ptr, @intCast(tls.ALPN_PROTOS.len)) != 0) {
        return error.InitializationFailed;
    }
    // Set the ALPN select callback for the SSL context.
    ssl.SSL_CTX_set_alpn_select_cb(ssl_ctx, tls.alpnSelectCallbackfn, null);
    return ssl_ctx;
}
```
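The ALPN list given to `SSL_CTX_set_alpn_protos` and handed to the select callback is a sequence of length-prefixed names. The following is an added example, not code from zig-libp2p: it shows the selection logic such a callback needs, failing closed on a malformed list or a missing match. The names `selectAlpn` and `libp2p_alpn` are hypothetical, and the value `"libp2p"` is assumed from the libp2p TLS specification because the page does not show `tls.ALPN_PROTOS`.

```zig
const std = @import("std");

// Assumption: ALPN identifier from the libp2p TLS spec (not shown on the page).
const libp2p_alpn = "libp2p";

const SelectError = error{ MalformedList, NoCommonProtocol };

/// Walks a peer's ALPN list in wire format (one length byte, then the name,
/// repeated) and returns the entry equal to `wanted`.
/// The whole list is validated before a match is accepted.
fn selectAlpn(peer_list: []const u8, wanted: []const u8) SelectError![]const u8 {
    var found: ?[]const u8 = null;
    var i: usize = 0;
    while (i < peer_list.len) {
        const len: usize = peer_list[i];
        i += 1;
        // Empty names and lengths that run past the buffer are malformed.
        if (len == 0 or len > peer_list.len - i) return error.MalformedList;
        const name = peer_list[i .. i + len];
        if (found == null and std.mem.eql(u8, name, wanted)) found = name;
        i += len;
    }
    // No fallback protocol: without a match the handshake must not proceed.
    return found orelse error.NoCommonProtocol;
}

test "selects libp2p from a multi-entry list" {
    const peer = "\x02h3\x06libp2p"; // constructed sample list
    const got = try selectAlpn(peer, libp2p_alpn);
    try std.testing.expectEqualStrings("libp2p", got);
}

test "fails closed on missing or malformed entries" {
    // Constructed samples: no libp2p entry, a length byte past the end, an empty name.
    try std.testing.expectError(error.NoCommonProtocol, selectAlpn("\x02h3", libp2p_alpn));
    try std.testing.expectError(error.MalformedList, selectAlpn("\x09libp2p", libp2p_alpn));
    try std.testing.expectError(error.MalformedList, selectAlpn("\x00", libp2p_alpn));
}
```

Inside an `SSL_CTX_set_alpn_select_cb` callback, a match maps to `SSL_TLSEXT_ERR_OK` and either error maps to `SSL_TLSEXT_ERR_ALERT_FATAL`, which aborts the handshake instead of continuing without an agreed protocol.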
## Next
Try to implement the peer ID spec and integrate multistream-select.