diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 4293fb7..3e44060 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,17 +5,23 @@ version: 2 updates: # Enable version updates for cargo - package-ecosystem: "cargo" - # Look for `Cargo.toml` and `lock` files in the `root` directory directory: "/" - # Check the crates.io for updates every day (weekdays) + schedule: + interval: "daily" + + - package-ecosystem: "cargo" + directory: "/rpxy-bin" + schedule: + interval: "daily" + + - package-ecosystem: "cargo" + directory: "/rpxy-lib" schedule: interval: "daily" # Enable version updates for Docker - package-ecosystem: "docker" - # Look for a `Dockerfile` in the `root` directory - directory: "/" - # Check for updates everyday + directory: "/docker" schedule: interval: "daily" @@ -23,5 +29,4 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - # Check for updates everyday interval: "daily" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b578d4b..d9c9478 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,22 +2,20 @@ name: Unit Test on: push: - branches: [ main, develop ] pull_request: - branches: [ main, develop ] + types: [synchronize, opened] env: CARGO_TERM_COLOR: always jobs: test: - runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - with: - submodules: recursive - - name: Run unit tests - run: | - cargo test --verbose + - uses: actions/checkout@v4 + with: + submodules: recursive + - name: Run unit tests + run: | + cargo test --verbose diff --git a/.github/workflows/docker_build_push.yml b/.github/workflows/docker_build_push.yml index 4b15d10..8aa089f 100644 --- a/.github/workflows/docker_build_push.yml +++ b/.github/workflows/docker_build_push.yml @@ -1,11 +1,11 @@ -name: Build and Publish Docker +name: Build and publish docker on: push: branches: - "develop" - "main" - pull_request: - types: [synchronize, opened] + tags: + - "*.*.*" env: GHCR: ghcr.io @@ -51,6 +51,43 @@ jobs: jqtype/rpxy:s2n ghcr.io/junkurihara/rust-rpxy:s2n + - target: "native-roots" + dockerfile: ./docker/Dockerfile + platforms: linux/amd64,linux/arm64 + build-args: | + "CARGO_FEATURES=--no-default-features --features=http3-quinn,cache,native-roots" + tags-suffix: "-native-roots" + # Aliases must be used only for release builds + aliases: | + jqtype/rpxy:native-roots + ghcr.io/junkurihara/rust-rpxy:native-roots + + - target: "slim-native-roots" + dockerfile: ./docker/Dockerfile-slim + build-args: | + "CARGO_FEATURES=--no-default-features --features=http3-quinn,cache,native-roots" + build-contexts: | + messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl + messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl + platforms: linux/amd64,linux/arm64 + tags-suffix: "-slim-native-roots" + # Aliases must be used only for release builds + aliases: | + jqtype/rpxy:slim-native-roots + ghcr.io/junkurihara/rust-rpxy:slim-native-roots + + - target: "s2n-native-roots" + dockerfile: ./docker/Dockerfile + build-args: | + "CARGO_FEATURES=--no-default-features --features=http3-s2n,cache,native-roots" + "ADDITIONAL_DEPS=pkg-config libssl-dev cmake libclang1 gcc g++" + platforms: linux/amd64,linux/arm64 + tags-suffix: "-s2n-native-roots" + # Aliases must be used only for release builds + aliases: | + jqtype/rpxy:s2n-native-roots + ghcr.io/junkurihara/rust-rpxy:s2n-native-roots + steps: - name: Checkout uses: actions/checkout@v4 @@ -59,46 +96,46 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v5 with: images: ${{ env.GHCR }}/${{ env.GHCR_IMAGE_NAME }} - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Login to Docker Hub - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ${{ env.GHCR }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Nightly build test on amd64 for pull requests - if: ${{ github.event_name == 'pull_request' }} - uses: docker/build-push-action@v4 - with: - context: . - build-args: ${{ matrix.build-args }} - push: false - build-contexts: ${{ matrix.build-contexts }} - file: ${{ matrix.dockerfile }} - cache-from: type=gha,scope=rpxy-nightly-${{ matrix.target }} - cache-to: type=gha,mode=max,scope=rpxy-nightly-${{ matrix.target }} - platforms: linux/amd64 - labels: ${{ steps.meta.outputs.labels }} + # - name: Nightly build test on amd64 for pull requests + # if: ${{ github.event_name == 'pull_request' }} + # uses: docker/build-push-action@v5 + # with: + # context: . + # build-args: ${{ matrix.build-args }} + # push: false + # build-contexts: ${{ matrix.build-contexts }} + # file: ${{ matrix.dockerfile }} + # cache-from: type=gha,scope=rpxy-nightly-${{ matrix.target }} + # cache-to: type=gha,mode=max,scope=rpxy-nightly-${{ matrix.target }} + # platforms: linux/amd64 + # labels: ${{ steps.meta.outputs.labels }} - name: Nightly build and push from develop branch if: ${{ (github.ref_name == 'develop') && (github.event_name == 'push') }} - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . build-args: ${{ matrix.build-args }} @@ -115,7 +152,7 @@ jobs: - name: Release build and push from main branch if: ${{ (github.ref_name == 'main') && (github.event_name == 'push') }} - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . build-args: ${{ matrix.build-args }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..ec075c5 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,128 @@ +name: Extract executable binary, upload artifacts, create release +on: + workflow_run: + workflows: + - "Build and publish docker" + types: + - "completed" + +jobs: + on-success: + runs-on: ubuntu-latest + if: ${{ github.event.workflow_run.conclusion == 'success' }} + strategy: + fail-fast: false + matrix: + include: + - target: "gnu" + platform: linux/amd64 + + - target: "gnu" + platform: linux/arm64 + + - target: "musl" + platform: linux/amd64 + tags-suffix: "-slim" + + - target: "musl" + platform: linux/arm64 + tags-suffix: "-slim" + + - target: "gnu" + build-feature: "-s2n" + platform: linux/amd64 + tags-suffix: "-s2n" + + - target: "gnu" + build-feature: "-s2n" + platform: linux/arm64 + tags-suffix: "-s2n" + + - target: "gnu" + build-feature: "-native-roots" + platform: linux/amd64 + tags-suffix: "-native-roots" + + - target: "gnu" + build-feature: "-native-roots" + platform: linux/arm64 + tags-suffix: "-native-roots" + + - target: "musl" + build-feature: "-native-roots" + platform: linux/amd64 + tags-suffix: "-slim-native-roots" + + - target: "musl" + build-feature: "-native-roots" + platform: linux/arm64 + tags-suffix: "-slim-native-roots" + + - target: "gnu" + build-feature: "-s2n-native-roots" + platform: linux/amd64 + tags-suffix: "-s2n-native-roots" + + - target: "gnu" + build-feature: "-s2n-native-roots" + platform: linux/arm64 + tags-suffix: "-s2n-native-roots" + + steps: + - run: "echo 'The relese triggering workflows passed'" + - name: "set env" + run: | + if [ ${{ matrix.platform }} = "linux/amd64" ];then PLATFORM_MAP="x86_64";else PLATFORM_MAP="aarch64";fi + if [ ${{ github.ref_name == 'develop' }} ];then BUILD_NAME="rpxy-nightly";else BUILD_NAME="rpxy";fi + echo "PLATFORM_MAP=${PLATFORM_MAP}" >> $GITHUB_ENV + echo "TARGET_NAME=${BUILD_NAME}-${PLATFORM_MAP}-unknown-linux-${{ matrix.target }}${{ matrix.build-feature }}" >> $GITHUB_ENV + + - name: "docker pull and extract binary from docker image" + id: "extract-binary" + run: | + CONTAINER_ID=`docker create --platform=${{ matrix.platform }} ghcr.io/junkurihara/rust-rpxy:nightly${{ matrix.tags-suffix }}` + docker cp ${CONTAINER_ID}:/rpxy/bin/rpxy /tmp/${TARGET_NAME} + cd /tmp + echo "artifact=${TARGET_NAME}" >> $GITHUB_OUTPUT + + - name: "upload artifacts" + uses: actions/upload-artifact@v3 + with: + name: ${{ steps.extract-binary.outputs.artifact }} + path: "/tmp/${{ steps.extract-binary.outputs.artifact }}" + + on-failure: + runs-on: ubuntu-latest + if: ${{ github.event.workflow_run.conclusion == 'failure' }} + steps: + - run: echo 'The release triggering workflows failed' + + release: + runs-on: ubuntu-latest + if: startsWith(github.ref, 'refs/tags/') + needs: on-success + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: download artifacts + uses: actions/download-artifact@v3 + with: + path: /tmp/rpxy + + - name: make tar.gz of assets + run: | + mkdir /tmp/assets + cd /tmp/rpxy + for i in ./*; do sh -c "cd $i && tar zcvf $i.tar.gz $i && mv $i.tar.gz /tmp/assets/"; done + ls -lha /tmp/assets + + - name: release + uses: softprops/action-gh-release@v1 + if: startsWith(github.ref, 'refs/tags/') + with: + files: /tmp/assets/*.tar.gz + tag_name: ${{ github.ref }} + draft: true + prerelease: false + generate_release_notes: true diff --git a/CHANGELOG.md b/CHANGELOG.md index a7c171f..20ac679 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,14 @@ ## 0.7.0 (unreleased) +## 0.6.2 + +### Improvement + +- Feat: Add a build feature of `native-roots` to use the system's default root cert store. +- Feat: Add binary release in addition to container release +- Refactor: lots of minor improvements + ## 0.6.1 ### Bugfix diff --git a/docker/Dockerfile-slim b/docker/Dockerfile-slim index 46afe57..0aa69cc 100644 --- a/docker/Dockerfile-slim +++ b/docker/Dockerfile-slim @@ -4,6 +4,8 @@ FROM --platform=$BUILDPLATFORM messense/rust-musl-cross:${TARGETARCH}-musl AS bu LABEL maintainer="Jun Kurihara" ARG TARGETARCH +ARG CARGO_FEATURES +ENV CARGO_FEATURES ${CARGO_FEATURES} RUN if [ $TARGETARCH = "amd64" ]; then \ echo "x86_64" > /arch; \ @@ -23,7 +25,7 @@ COPY . /tmp/ ENV RUSTFLAGS "-C link-arg=-s" RUN echo "Building rpxy from source" && \ - cargo build --release --target $(cat /arch)-unknown-linux-musl && \ + cargo build --release --target $(cat /arch)-unknown-linux-musl ${CARGO_FEATURES} && \ musl-strip --strip-all /tmp/target/$(cat /arch)-unknown-linux-musl/release/rpxy && \ cp /tmp/target/$(cat /arch)-unknown-linux-musl/release/rpxy /tmp/target/release/rpxy diff --git a/docker/docker-compose-slim.yml b/docker/docker-compose-slim.yml index 9d1e271..90f5e76 100644 --- a/docker/docker-compose-slim.yml +++ b/docker/docker-compose-slim.yml @@ -9,15 +9,17 @@ services: - 127.0.0.1:8080:8080/tcp - 127.0.0.1:8443:8443/udp - 127.0.0.1:8443:8443/tcp - # build: # Uncomment if you build yourself - # context: ../ - # additional_contexts: - # - messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl - # - messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl - # dockerfile: ./docker/Dockerfile-slim # based on alpine and build x86_64-unknown-linux-musl - # platforms: # Choose your platforms - # - "linux/amd64" - # # - "linux/arm64" + build: # Uncomment if you build yourself + context: ../ + additional_contexts: + - messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl + - messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl + # args: # Uncomment when build with native cert store + # - "CARGO_FEATURES=--no-default-features --features=http3-quinn,native-roots" + dockerfile: ./docker/Dockerfile-slim # based on alpine and build x86_64-unknown-linux-musl + platforms: # Choose your platforms + # - "linux/amd64" + - "linux/arm64" environment: - LOG_LEVEL=debug - LOG_TO_FILE=true diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 063ce82..bac5957 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -9,15 +9,17 @@ services: - 127.0.0.1:8080:8080/tcp - 127.0.0.1:8443:8443/udp - 127.0.0.1:8443:8443/tcp - # build: # Uncomment if you build yourself - # context: ../ - # args: # Uncomment when build quic-s2n version - # - "CARGO_FEATURES=--no-default-features --features http3-s2n" - # - "ADDITIONAL_DEPS=pkg-config libssl-dev cmake libclang1 gcc g++" - # dockerfile: ./docker/Dockerfile # based on ubuntu 22.04 and build x86_64-unknown-linux-gnu - # platforms: # Choose your platforms - # - "linux/amd64" - # # - "linux/arm64" + build: # Uncomment if you build yourself + context: ../ + # args: # Uncomment when build quic-s2n version + # - "CARGO_FEATURES=--no-default-features --features=http3-s2n" + # - "ADDITIONAL_DEPS=pkg-config libssl-dev cmake libclang1 gcc g++" + # args: # Uncomment when build with native cert store + # - "CARGO_FEATURES=--no-default-features --features=http3-quinn,native-roots" + dockerfile: ./docker/Dockerfile # based on ubuntu 22.04 and build x86_64-unknown-linux-gnu + platforms: # Choose your platforms + # - "linux/amd64" + - "linux/arm64" environment: - LOG_LEVEL=debug - LOG_TO_FILE=true diff --git a/rpxy-bin/Cargo.toml b/rpxy-bin/Cargo.toml index c162a9c..fbe14dc 100644 --- a/rpxy-bin/Cargo.toml +++ b/rpxy-bin/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rpxy" -version = "0.6.1" +version = "0.6.2" authors = ["Jun Kurihara"] homepage = "https://github.com/junkurihara/rust-rpxy" repository = "https://github.com/junkurihara/rust-rpxy" @@ -16,6 +16,7 @@ default = ["http3-quinn", "cache"] http3-quinn = ["rpxy-lib/http3-quinn"] http3-s2n = ["rpxy-lib/http3-s2n"] cache = ["rpxy-lib/cache"] +native-roots = ["rpxy-lib/native-roots"] [dependencies] rpxy-lib = { path = "../rpxy-lib/", default-features = false, features = [ @@ -26,7 +27,7 @@ anyhow = "1.0.75" rustc-hash = "1.1.0" serde = { version = "1.0.188", default-features = false, features = ["derive"] } derive_builder = "0.12.0" -tokio = { version = "1.32.0", default-features = false, features = [ +tokio = { version = "1.33.0", default-features = false, features = [ "net", "rt-multi-thread", "time", @@ -38,8 +39,8 @@ rustls-pemfile = "1.0.3" mimalloc = { version = "*", default-features = false } # config -clap = { version = "4.4.2", features = ["std", "cargo", "wrap_help"] } -toml = { version = "0.7.8", default-features = false, features = ["parse"] } +clap = { version = "4.4.6", features = ["std", "cargo", "wrap_help"] } +toml = { version = "0.8", default-features = false, features = ["parse"] } hot_reload = "0.1.4" # logging diff --git a/rpxy-lib/Cargo.toml b/rpxy-lib/Cargo.toml index 4ca6822..c7cce09 100644 --- a/rpxy-lib/Cargo.toml +++ b/rpxy-lib/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rpxy-lib" -version = "0.6.1" +version = "0.6.2" authors = ["Jun Kurihara"] homepage = "https://github.com/junkurihara/rust-rpxy" repository = "https://github.com/junkurihara/rust-rpxy" @@ -17,6 +17,7 @@ http3-quinn = ["quinn", "h3", "h3-quinn", "socket2"] http3-s2n = ["h3", "s2n-quic", "s2n-quic-rustls", "s2n-quic-h3"] sticky-cookie = ["base64", "sha2", "chrono"] cache = ["http-cache-semantics", "lru"] +native-roots = ["hyper-rustls/native-tokio"] [dependencies] rand = "0.8.5" @@ -24,7 +25,7 @@ rustc-hash = "1.1.0" bytes = "1.5.0" derive_builder = "0.12.0" futures = { version = "0.3.28", features = ["alloc", "async-await"] } -tokio = { version = "1.32.0", default-features = false, features = [ +tokio = { version = "1.33.0", default-features = false, features = [ "net", "rt-multi-thread", "time", @@ -37,7 +38,7 @@ hot_reload = "0.1.4" # reloading certs # Error handling anyhow = "1.0.75" -thiserror = "1.0.48" +thiserror = "1.0.49" # http and tls hyper = { version = "0.14.27", default-features = false, features = [ @@ -54,7 +55,7 @@ hyper-rustls = { version = "0.24.1", default-features = false, features = [ ] } tokio-rustls = { version = "0.24.1", features = ["early-data"] } rustls = { version = "0.21.7", default-features = false } -webpki = "0.22.1" +webpki = "0.22.4" x509-parser = "0.15.1" # logging @@ -67,7 +68,7 @@ h3 = { path = "../submodules/h3/h3/", optional = true } # h3-quinn = { path = "./h3/h3-quinn/", optional = true } h3-quinn = { path = "../submodules/h3-quinn/", optional = true } # Tentative to support rustls-0.21 # for UDP socket wit SO_REUSEADDR when h3 with quinn -socket2 = { version = "0.5.3", features = ["all"], optional = true } +socket2 = { version = "0.5.4", features = ["all"], optional = true } s2n-quic = { path = "../submodules/s2n-quic/quic/s2n-quic/", default-features = false, features = [ "provider-tls-rustls", ], optional = true } @@ -76,16 +77,16 @@ s2n-quic-rustls = { path = "../submodules/s2n-quic/quic/s2n-quic-rustls/", optio # cache http-cache-semantics = { path = "../submodules/rusty-http-cache-semantics/", optional = true } -lru = { version = "0.11.1", optional = true } +lru = { version = "0.12.0", optional = true } # cookie handling for sticky cookie -chrono = { version = "0.4.30", default-features = false, features = [ +chrono = { version = "0.4.31", default-features = false, features = [ "unstable-locales", "alloc", "clock", ], optional = true } -base64 = { version = "0.21.3", optional = true } -sha2 = { version = "0.10.7", default-features = false, optional = true } +base64 = { version = "0.21.4", optional = true } +sha2 = { version = "0.10.8", default-features = false, optional = true } [dev-dependencies] diff --git a/rpxy-lib/src/handler/forwarder.rs b/rpxy-lib/src/handler/forwarder.rs index 43cf098..4764d36 100644 --- a/rpxy-lib/src/handler/forwarder.rs +++ b/rpxy-lib/src/handler/forwarder.rs @@ -1,8 +1,6 @@ #[cfg(feature = "cache")] use super::cache::{get_policy_if_cacheable, RpxyCache}; -#[cfg(feature = "cache")] -use crate::log::*; -use crate::{error::RpxyError, globals::Globals, CryptoSource}; +use crate::{error::RpxyError, globals::Globals, log::*, CryptoSource}; use async_trait::async_trait; #[cfg(feature = "cache")] use bytes::Buf; @@ -118,18 +116,22 @@ where impl Forwarder, Body> { /// Build forwarder pub async fn new(_globals: &std::sync::Arc>) -> Self { - // let connector = TrustDnsResolver::default().into_rustls_webpki_https_connector(); - let connector = hyper_rustls::HttpsConnectorBuilder::new() - .with_webpki_roots() - .https_or_http() - .enable_http1() - .enable_http2() - .build(); - let connector_h2 = hyper_rustls::HttpsConnectorBuilder::new() - .with_webpki_roots() - .https_or_http() - .enable_http2() - .build(); + #[cfg(feature = "native-roots")] + let builder = hyper_rustls::HttpsConnectorBuilder::new().with_native_roots(); + #[cfg(feature = "native-roots")] + let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_native_roots(); + #[cfg(feature = "native-roots")] + info!("Native cert store is used for the connection to backend applications"); + + #[cfg(not(feature = "native-roots"))] + let builder = hyper_rustls::HttpsConnectorBuilder::new().with_webpki_roots(); + #[cfg(not(feature = "native-roots"))] + let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_webpki_roots(); + #[cfg(not(feature = "native-roots"))] + info!("Mozilla WebPKI root certs is used for the connection to backend applications"); + + let connector = builder.https_or_http().enable_http1().enable_http2().build(); + let connector_h2 = builder_h2.https_or_http().enable_http2().build(); let inner = Client::builder().build::<_, Body>(connector); let inner_h2 = Client::builder().http2_only(true).build::<_, Body>(connector_h2); diff --git a/rpxy-lib/src/proxy/proxy_tls.rs b/rpxy-lib/src/proxy/proxy_tls.rs index da4205e..7c5d601 100644 --- a/rpxy-lib/src/proxy/proxy_tls.rs +++ b/rpxy-lib/src/proxy/proxy_tls.rs @@ -46,13 +46,13 @@ where let client_hello = start.client_hello(); let server_name = client_hello.server_name(); debug!("HTTP/2 or 1.1: SNI in ClientHello: {:?}", server_name); - let server_name = server_name.map_or_else(|| None, |v| Some(v.to_server_name_vec())); - if server_name.is_none(){ + let server_name_in_bytes = server_name.map_or_else(|| None, |v| Some(v.to_server_name_vec())); + if server_name_in_bytes.is_none(){ return Err(RpxyError::Proxy("No SNI is given".to_string())); } - let server_crypto = sc_map_inner.as_ref().unwrap().get(server_name.as_ref().unwrap()); + let server_crypto = sc_map_inner.as_ref().unwrap().get(server_name_in_bytes.as_ref().unwrap()); if server_crypto.is_none() { - return Err(RpxyError::Proxy(format!("No TLS serving app for {:?}", "xx"))); + return Err(RpxyError::Proxy(format!("No TLS serving app for {:?}", server_name.unwrap()))); } let stream = match start.into_stream(server_crypto.unwrap().clone()).await { Ok(s) => s, @@ -60,7 +60,7 @@ where return Err(RpxyError::Proxy(format!("Failed to handshake TLS: {e}"))); } }; - self_inner.client_serve(stream, server_clone, client_addr, server_name); + self_inner.client_serve(stream, server_clone, client_addr, server_name_in_bytes); Ok(()) }; diff --git a/submodules/quinn b/submodules/quinn index 5d4d583..e1e1e6e 160000 --- a/submodules/quinn +++ b/submodules/quinn @@ -1 +1 @@ -Subproject commit 5d4d58387d77db952c47168ed2185b6a38b8717a +Subproject commit e1e1e6e392a382fbded42ca010505fecb8fe3655 diff --git a/submodules/s2n-quic b/submodules/s2n-quic index 9fd762a..c88e64b 160000 --- a/submodules/s2n-quic +++ b/submodules/s2n-quic @@ -1 +1 @@ -Subproject commit 9fd762a538924f943c4c8ae0aae95337635fb485 +Subproject commit c88e64b6c58891651954834207d974de80e9bba8