author    Henauxg <19689618+Henauxg@users.noreply.github.com>  2022-11-15 17:58:07 +0100
committer Henauxg <19689618+Henauxg@users.noreply.github.com>  2022-11-15 17:58:07 +0100
commit    0842b723eaee8da25be4628fb0c583dc6925ec89 (patch)
tree      2c3cdf6a440bcd2fbd8b574fc2f7b7749a0c1166 /README.md
parent    6bcc1f2b524d5c2bba78f475b3a6c32b0283e70b (diff)
[doc] Update README, and add docs/certificates for server certificate verification
Diffstat (limited to 'README.md')
-rw-r--r--  README.md  41
1 files changed, 23 insertions, 18 deletions
diff --git a/README.md b/README.md
index 4bfaf3d..25afc02 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ A Client/Server game networking plugin using [QUIC](https://www.chromium.org/qui
- [Quickstart](#quickstart)
- [Client](#client)
- [Server](#server)
- - [Certificates](#certificates)
+ - [Certificates and server authentication](#certificates-and-server-authentication)
- [Logs](#logs)
- [Examples](#examples)
- [Chat example](#chat-example)
@@ -67,7 +67,7 @@ The implementation uses [tokio channels](https://tokio.rs/tokio/tutorial/channel
Those are the features/tasks that will probably come next (in no particular order):
-- [ ] Security: More certificates support, see [certificates](#certificates)
+- [x] Security: More certificates support, see [certificates](#certificates)
- [x] Feature: Send messages from the server to a specific client
- [x] Feature: Send messages from the server to a selected group of clients
- [x] Feature: Raise connection/disconnection events from the plugins
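Review bot: the link on the `+- [x] Security: More certificates support` line still targets `#certificates`, but this same patch renames the heading to `## Certificates and server authentication` and updates the table of contents to `#certificates-and-server-authentication`; change the link here to `[certificates](#certificates-and-server-authentication)`, otherwise it points at an anchor that no longer exists once the heading rename lands.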
@@ -77,7 +77,8 @@ Those are the features/tasks that will probably come next (in no particular orde
- [ ] Performance: Messages aggregation before sending
- [ ] Clean: Rework the error handling
- [x] Clean: Rework the configuration input for the client & server plugins
-- [ ] Documentation: Document the API
+- [ ] Documentation: Fully document the API
+- [ ] Tests: Add tests
## Quickstart
@@ -108,14 +109,8 @@ fn start_connection(client: ResMut<Client>) {
CertificateVerificationMode::SkipVerification,
)
.unwrap();
-
- // You can already send message(s) even before being connected, they will be buffered.
- // To be trully connected, you should wait for a ConnectionEvent
- // or check client.is_connected()
- client
- .send_message(...)
- .unwrap();
-}
+
+ // When trully connected, you will receive a ConnectionEvent
```
- To process server messages, you can use a bevy system such as the one below. The function `receive_message` is generic, here `ServerMessage` is a user provided enum deriving `Serialize` and `Deserialize`.
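Review bot: the added comment `// When trully connected, you will receive a ConnectionEvent` misspells "truly". The removed lines also told the reader that messages sent before the connection is established are buffered and that `client.is_connected()` can be polled; if that behaviour is unchanged, keep at least that sentence in the new comment, since dropping it leaves the quickstart without any guidance on when it is safe to call `send_message`.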
@@ -197,29 +192,37 @@ fn handle_client_messages(
You can also use `server.broadcast_message`, which will send a message to all connected clients. "Connected" here means connected to the server plugin, which happens before your own app handshakes/verifications if you have any. Use `send_group_message` if you want to control the recipients.
-## Certificates
+## Certificates and server authentication
Bevy Quinnet (through Quinn & QUIC) uses TLS 1.3 for authentication, the server needs to provide the client with a certificate confirming its identity, and the client must be configured to trust the certificates it receives from the server.
-Here are the current options available to the server and client plugins:
+Here are the current options available to the server and client plugins for the server authentication:
- Client :
- - [x] Skip certificate verification
- - [ ] "Trust on first use" certificates
- - [x] Accept certificates issued by a Certificate Authority
+ - [x] Skip certificate verification (messages are still encrypted, but the server is not authentified)
+ - [x] Accept certificates issued by a Certificate Authority (implemented in [Quinn](https://github.com/quinn-rs/quinn), using [rustls](https://github.com/rustls/rustls))
+ - [x] [Trust on first use](https://en.wikipedia.org/wiki/Trust_on_first_use) certificates (implemented in Quinnet, using [rustls](https://github.com/rustls/rustls))
- Server:
- [x] Generate and issue a self-signed certificate
- [x] Issue an already existing certificate (CA or self-signed)
-- On the client:
+On the client:
```rust
// To accept any certificate
client.connect(/*...*/, CertificateVerificationMode::SkipVerification);
// To only accept certificates issued by a Certificate Authority
client.connect(/*...*/, CertificateVerificationMode::SignedByCertificateAuthority);
+ // To use the default configuration of the Trust on first use authentication scheme
+ client.connect(/*...*/, CertificateVerificationMode::TrustOnFirstUse(TrustOnFirstUseConfig {
+ // You can configure TrustOnFirstUse through the TrustOnFirstUseConfig:
+ // Provide your own fingerprint store variable/file,
+ // or configure the actions to apply for each possible certificate verification status.
+ ..Default::default()
+ }),
+ );
```
-- On the server:
+On the server:
```rust
// To generate a new self-signed certificate on each startup
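Review bot: "authentified" on the `Skip certificate verification` bullet should be "authenticated". Since that bullet itself says the server is not authenticated in this mode, it would help to state on the same line that the mode is meant for local development, and to put the same remark on the `// To accept any certificate` comment in the client snippet, which is the line readers will copy. In the `TrustOnFirstUse` snippet the comments promise a configurable fingerprint store and per-status actions, but the example only shows `..Default::default()` and never names a field of `TrustOnFirstUseConfig`; showing one explicit field override would make the snippet self-contained instead of sending readers to the source.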
@@ -237,6 +240,8 @@ Here are the current options available to the server and client plugins:
});
```
+See more about certificates in the [certificates readme](docs/Certificates.md)
+
## Logs
For logs configuration, see the unoffical [bevy cheatbook](https://bevy-cheatbook.github.io/features/log.html).
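Review bot: the new line links to `docs/Certificates.md` while the commit message says `docs/certificates`; that file is outside this diffstat, so confirm the path and its case match the file actually added, since a case mismatch breaks the link on case-sensitive hosting. The sentence is also missing its trailing period. Unrelated to this change, the context line below still reads "unoffical" (should be "unofficial") and could be fixed while this section is being touched.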