RFC 216: webtransport_h3_cert_hash_test_server (#216)

martenrichter · Ms2ger · web-flow · commit 16fd2eec5f9e · 2025-03-04T16:45:49.000Z
* RFC 215: webtransport_h3_cert_hash_test_server

* Update rfcs/webtransport_h3_cert_hash_test_server.md

---------

Co-authored-by: Ms2ger &lt;Ms2ger@gmail.com&gt;
diff --git a/rfcs/webtransport_h3_cert_hash_test_server.md b/rfcs/webtransport_h3_cert_hash_test_server.md
@@ -0,0 +1,29 @@
+# RFC 216: WebTransport over HTTP/3 Test Server that uses a self-signed certificate for authentication with serverCertificateHashes
+
+## Summary
+
+Start another instance of the [WebTransport over HTTP/3](https://datatracker.ietf.org/doc/html/draft-ietf-webtrans-http3-01) server in [RFC 85](https://github.com/web-platform-tests/rfcs/blob/master/rfcs/webtransport_h3_test_server.md) in wpt, that uses instead of the standard certificate a self-signed certificate. The hash of the certificate is passed to the test defined. The certificate is autogenerated at the startup of the wpt tests within the python code.
+
+## Details
+
+### Implementation
+
+It is a slight modification of the server from [RFC 85](https://github.com/web-platform-tests/rfcs/blob/master/rfcs/webtransport_h3_test_server.md) in the `tools/webtransport` directory.
+The implementation uses the `cryptography` lib for certificate generation, that is already used by wpt through the `aioquic` lib. 
+
+### Handlers
+See [RFC 85](https://github.com/web-platform-tests/rfcs/blob/master/rfcs/webtransport_h3_test_server.md) for details.
+
+### `wptserve` integration
+
+See [RFC 85](https://github.com/web-platform-tests/rfcs/blob/master/rfcs/webtransport_h3_test_server.md) for details.
+
+A server certificate hash is autogenerated within the python code in `environment.py`. It is passed as part of the config (property `cert_hash_info`) to the tests. The tests can access the server certificate hash as `server_certificate_hash` inside the javascript templates.
+
+### Dependencies
+
+As of writing this RFC, the only dependency are `aioquic` as in RFC 85 and `cryptography`, which is already a dependency of `aioquic`.
+
+## Risks
+
+Risks are similar to [RFC #85](https://github.com/web-platform-tests/rfcs/blob/master/rfcs/webtransport_h3_test_server.md#risks), as it is a minimal modification of RFC 85, so that maintenance cost increase is neglible.
