CVPN-2549: Centralise TLS imports

README.md

@@ -516,8 +516,8 @@ The resulting file can then be exported to Wireshark to decrypt data traffic. Th
 https://www.wireshark.org/docs/wsug_html_chunked/ChIOExportSection.html#ChIOExportTLSSessionKeys
 https://wiki.wireshark.org/TLS#using-the-pre-master-secret
 
-### WolfSSL debug logging
+### TLS debug logging
 
 Both `lightway-client` and `lightway-server` support a `--tls-debug`
 option when built with their respective `debug` feature enabled. This
-enables WolfSSL's debug logging.
+enables TLS's debug logging.

docs/connection_state_machine.md

@@ -19,7 +19,7 @@ stateDiagram-v2
     note left of Connecting
       Secure (D)TLS connection negotiated
 
-      wolfssl#colon;#colon;Session#colon;#colon;try_negotiate()
+      tls#colon;#colon;Session#colon;#colon;try_negotiate()
       called until success or failure.
     end note
 

docs/inside_packet_codec.md

@@ -3,8 +3,8 @@
 Lightway core in UDP supports encoding the inside packets through the packet codec interface.
 
 A codec consists of:
-- An encoder that encodes the inside packets that are sent from the tunnel (i.e., before they are encrypted by WolfSSL).
-- A decoder that decodes the inside packets that are to be sent to the tunnel (i.e., after they are decrypted by WolfSSL).
+- An encoder that encodes the inside packets that are sent from the tunnel (i.e., before they are encrypted by TLS).
+- A decoder that decodes the inside packets that are to be sent to the tunnel (i.e., after they are decrypted by TLS).
 
 The codec is not necessarily used all the time; it is not required that all packets are encoded throughout the connection. 
 1. The codec can decide whether the packet should be encoded based on its internal implementation.
@@ -18,11 +18,11 @@ Lightway-core accepts either encoded or non-encoded packets when its state is `C
 The following describes the path the packet flows through when a codec is enabled and the packet is accepted by the codec:
 ### Inside to Outside
 ```
-Tunnel -> Inside IO Loop -> Plugin -> Encoder -> Encoded Packet Handler Loop -> WolfSSL Encrypt -> ...
+Tunnel -> Inside IO Loop -> Plugin -> Encoder -> Encoded Packet Handler Loop -> TLS Encrypt -> ...
 ```
 ### Outside to Inside
 ```
-... -> WolfSSL Decrypt -> Decoder -> Decoded Packet Handler Loop -> Plugin -> Tunnel
+... -> TLS Decrypt -> Decoder -> Decoded Packet Handler Loop -> Plugin -> Tunnel
 ```
 
 ## Implementation

docs/logs_and_metrics.md

@@ -30,7 +30,7 @@ Lightway server also supports metrics to monitor. The following are the metrics
 | connection_accept_proxy_header_failed | server | Counter | A new connection did cnot present a valid PROXY header |
 | conn_create_failed | server | Counter | A new connection could not be created |
 | conn_alloc_frag_map | core | Counter | A connection has used a fragmented data packet.<br>Therefore the 2M FragmentMap has been allocated |
-| wolfssl_appdata | core | Counter | An AppData result occurred during a WolfSSL operation.<br><br>Given current configuration we do not expect this to be non-zero |
+| tls_appdata | core | Counter | An AppData result occurred during a TLS operation.<br><br>Given current configuration we do not expect this to be non-zero |
 | session_id_mismatch | core | Counter | Server has received a mismatched session_id in the header after the packet content has been validated <br><br>Should generally be expected to happen rarely|
 | received_encoding_req_non_online | core | Counter | Server received an encoding request when the Connection state is not Online |
 | received_encoding_req_with_tcp | core | Counter | Server received an encoding request when the Connection type is TCP |
@@ -43,8 +43,8 @@ Lightway server also supports metrics to monitor. The following are the metrics
 | conn_online | server | Counter | Counts connection which have reached the “online” state after successful authentication |
 | conn_rejected_no_free_ip | server | Counter | Counts connections which were rejected at auth time due to a lack of free IPs in the server pool<br><br>Should generally be expected to be 0 |
 | conn_rejected_access_denied | server | Counter | Counts connections rejected due to invalid auth |
-| conn_tls_error | server | Counter | Counts connections which failed due to a TLS failure from WolfSSL |
-| conn_unknown_error | server | Counter | Counts connections which failed due to a non-TLS failure from WolfSSL |
+| conn_tls_error | server | Counter | Counts connections which failed due to a TLS failure|
+| conn_unknown_error | server | Counter | Counts connections which failed due to a non-TLS failure |
 | conn_aged_out | server | Counter | Counts connections which are disconnected due to being idle (after 1 day of inactivity) |
 | user_auth_eviction | server | Counter | Counts connections which are disconnected due to their auth expiring |
 | conn_client_closed | server | Counter | Counts connections which have been closed since client initiate Disconnect |

lightway-app-utils/src/lib.rs

@@ -37,8 +37,8 @@ pub use utils::{Validate, validate_configuration_file_path};
 
 mod packet_codec;
 #[cfg(feature = "debug")]
-mod wolfssl_tracing;
+mod tracing;
 #[cfg(feature = "debug")]
-pub use wolfssl_tracing::wolfssl_tracing_callback;
+pub use tracing::tls_tracing_callback;
 
 pub use packet_codec::{PacketCodec, PacketCodecFactory, PacketCodecFactoryType};

lightway-app-utils/src/wolfssl_tracing.rs → lightway-app-utils/src/tracing.rs

@@ -3,14 +3,14 @@
 use std::ffi::CStr;
 use tracing::debug;
 
-/// Callback function to WolfSSL's [`set_logging_callback`] (which conforms to [`WolfsslLoggingCallback`])
+/// Callback function to TLS's [`set_logging_callback`] (which conforms to [`TlsLoggingCallback`])
 /// It will pass the log message to [`tracing`] via `debug` macro.
 /// This is marked `unsafe` to match the `bindgen`-generated function type for FFI compatibility.
 /// # SAFETY
-/// The caller must originate from the WolfSSL library's logging callback,
+/// The caller must originate from the TLS library's logging callback,
 /// as it is not designed to be used or called from Rust.
 #[allow(non_snake_case)]
-pub unsafe extern "C" fn wolfssl_tracing_callback(
+pub unsafe extern "C" fn tls_tracing_callback(
     _logLevel: std::os::raw::c_int,
     logMessage: *const std::os::raw::c_char,
 ) {
@@ -20,7 +20,7 @@ pub unsafe extern "C" fn wolfssl_tracing_callback(
     // SAFETY: Based on the safety requirements for CStr
     // https://doc.rust-lang.org/std/ffi/struct.CStr.html#safety
     // We check the pointer is not null, and the string pointed will be
-    // null terminated since it is generated as snprintf from wolfssl
+    // null terminated since it is generated as snprintf from tls
     // Ref: https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/src/logging.c
     let c_str = unsafe { CStr::from_ptr(logMessage) };
     let msg = c_str.to_str().unwrap_or("Unable to decode C string");

lightway-client/src/config.rs

@@ -250,7 +250,7 @@ pub struct Config {
     #[patch(attribute(clap(long)))]
     #[patch(empty_value = false)]
     #[patch(attribute(serde(default)))]
-    #[patch(attribute(doc = "Enable WolfSSL debug logging"))]
+    #[patch(attribute(doc = "Enable TLS debug logging"))]
     pub tls_debug: bool,
 
     #[cfg(windows)]
@@ -284,7 +284,7 @@ impl Config {
     }
 
     /// Try build CA from ca_crt
-    pub fn load_ca(&self) -> Result<lightway_core::wolfssl::RootCertificate<'_>, Error> {
+    pub fn load_ca(&self) -> Result<lightway_core::tls::RootCertificate<'_>, Error> {
         load_ca(&self.ca_cert)
     }
 
@@ -293,7 +293,7 @@ impl Config {
     pub fn load_ca_file<'a>(
         &self,
         ca_path: &'a mut Option<PathBuf>,
-    ) -> lightway_core::wolfssl::RootCertificate<'a> {
+    ) -> lightway_core::tls::RootCertificate<'a> {
         if ca_path.is_none() {
             *ca_path = Some(PathBuf::from(&self.ca_cert));
         }
@@ -461,7 +461,7 @@ impl ConnectionConfig {
 
     /// Try build CA from ca_crt
     #[cfg(feature = "mobile")]
-    pub fn load_ca(&self) -> Result<lightway_core::wolfssl::RootCertificate<'_>, Error> {
+    pub fn load_ca(&self) -> Result<lightway_core::tls::RootCertificate<'_>, Error> {
         self.ca_cert
             .as_ref()
             .map(|ca| load_ca(ca))
@@ -644,7 +644,7 @@ fn take_auth(
     }
 }
 
-fn load_ca(ca: &String) -> Result<lightway_core::wolfssl::RootCertificate<'_>, Error> {
+fn load_ca(ca: &String) -> Result<lightway_core::tls::RootCertificate<'_>, Error> {
     if ca.starts_with("-----BEGIN CERTIFICATE-----") {
         Ok(RootCertificate::PemBuffer(ca.as_bytes()))
     } else {

lightway-client/src/io/outside/udp.rs

@@ -38,7 +38,7 @@ impl Udp {
         };
         let default_ip_pmtudisc = sockopt::get_ip_mtu_discover(&sock)?;
         // Check for the socket's writable ready status, so that it can be used
-        // successfuly in WolfSsl's `OutsideIOSendCallback` callback
+        // successfuly in TLS's `OutsideIOSendCallback` callback
         sock.writable().await?;
 
         Ok(Self {
@@ -162,14 +162,14 @@ impl OutsideIOSendCallback for Udp {
             Err(err) if matches!(err.kind(), std::io::ErrorKind::ConnectionRefused) => {
                 // Possibly the server isn't listening (yet).
                 //
-                // Swallow the error so the WolfSSL socket does not
-                // enter the error state, and DTLS would handle retransmission as well.
+                // Swallow the error so the TLS socket does not
+                // enter the error state, and DTLS would handles the retransmission as well.
                 //
                 // This way we can continue if/when the server shows up.
                 //
                 // Returning the number of bytes requested to be sent to mock
                 // that the send is successful.
-                // Otherwise, WolfSSL perceives that no data is sent and try
+                // Otherwise, TLS perceives that no data is sent and try
                 // to send the same data again, creating a live-lock until
                 // the network is reachable.
                 IOCallbackResult::Ok(buf.len())

lightway-client/src/lib.rs

@@ -41,7 +41,7 @@ use crate::keepalive::Config as KeepaliveConfig;
 #[cfg(desktop)]
 use crate::route_manager::{RouteManager, RouteMode};
 #[cfg(feature = "debug")]
-use lightway_app_utils::wolfssl_tracing_callback;
+use lightway_app_utils::tls_tracing_callback;
 #[cfg(batch_receive)]
 use lightway_core::MAX_IO_BATCH_SIZE;
 pub use lightway_core::{
@@ -263,7 +263,7 @@ pub struct ClientConfig<'cert, ExtAppState: Send + Sync> {
     #[educe(Debug(ignore))]
     pub best_connection_selected_signal: Option<oneshot::Sender<BestConnectionInfo>>,
 
-    /// Enable WolfSsl debugging
+    /// Enable TLS debugging
     #[cfg(feature = "debug")]
     pub tls_debug: bool,
 
@@ -843,7 +843,7 @@ pub async fn connect<
 
     #[cfg(feature = "debug")]
     if config.tls_debug {
-        set_logging_callback(Some(wolfssl_tracing_callback));
+        set_logging_callback(Some(tls_tracing_callback));
     }
 
     let (inside_io_codec, encoded_pkt_receiver, decoded_pkt_receiver) =

lightway-client/src/main.rs

@@ -119,7 +119,7 @@ async fn main() -> Result<()> {
 
     let mut config = Config::default();
     // NOTE:
-    // RootCertificate of wolfssl is not a self handled Struct
+    // RootCertificate of TLS library is not a self handled Struct
     // we need keep the PathBuf live outside
     let mut _root_ca_cert_path: Option<PathBuf> = None;
 

lightway-client/src/mobile.rs

@@ -70,10 +70,10 @@ fn get_lightway_client_hash() -> String {
     env!("GIT_HASH").to_string()
 }
 
-/// Get the version for WolfSSL
+/// Get the version for TLS library
 #[cfg_attr(not(feature = "mobile-test"), uniffi::export)]
-fn get_wolfssl_version() -> String {
-    lightway_core::wolfssl::get_wolfssl_version_string().to_string()
+fn get_tls_library_version() -> String {
+    lightway_core::tls::get_version_string().to_string()
 }
 
 /// Sets up a global default logging bridge between Rust and the mobile app, while