add optional TCP MD5 Signature RFC2385#25
Merged
Merged
Conversation
senid231
changed the title
There was a problem hiding this comment.
Pull request overview
Adds optional support for RFC2385 TCP MD5 Signature to the TCP transport, exposing it as a tcp_md5_pass: option for clients/transports and documenting/testing the behavior.
Changes:
- Add
tcp_md5_pass:option plumbing in the transport base and implementTCP_MD5SIGsetsockopt inJRPC::Transport::Tcpbefore connect. - Add RSpec coverage for MD5-signed connections (match/mismatch, unsupported platform, overlong key) plus support helpers.
- Document the new option in README and CHANGELOG.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| spec/transport/tcp_spec.rb | Adds integration-style specs covering TCP MD5 signature success/failure paths. |
| spec/support/tcp_md5_helpers.rb | Introduces helpers to probe kernel support and configure an MD5-signing test server socket. |
| README.md | Documents tcp_md5_pass: and explains platform limitations/behavior. |
| lib/jrpc/transport/tcp.rb | Implements RFC2385 key installation on sockets via TCP_MD5SIG. |
| lib/jrpc/transport/base.rb | Adds @tcp_md5_pass option storage for transports. |
| CHANGELOG.md | Notes the new optional TCP MD5 signature feature. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
senid231
force-pushed
the
tcp-md5-signature
branch
from
3bdc391 to
4f10ba2
Compare
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
TCP MD5 Signature (RFC2385)
Both clients accept
tcp_md5_pass:to enable per-connection authentication via the TCP MD5 Signature option.The kernel signs and verifies every TCP segment with
MD5(key + segment + addresses/ports);a peer with a mismatched or absent key has its segments silently dropped, so the handshake never completes.