
Side by Side Diff: net/quic/crypto/quic_crypto_server_config.cc

Issue 1404053002: relnote: Disables strike register lookups when talking QUIC_VERSION_27 (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@Remove_unused_supported_versions_103964623
Patch Set: Use a smaller cert and delete the TODO Created 5 years, 2 months ago
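--- a/net/quic/crypto/quic_crypto_server_config.cc
+++ b/net/quic/crypto/quic_crypto_server_config.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/quic_crypto_server_config.h"
 
 #include <stdlib.h>
 #include <algorithm>
 
 #include "base/stl_util.h"
@@ -1033,27 +1033,41 @@
 info->reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE);
 // Invalid client nonce.
 DVLOG(1) << "Invalid client nonce.";
 if (FLAGS_use_early_return_when_verifying_chlo) {
 helper.ValidationComplete(QUIC_NO_ERROR, "");
 return;
 }
 found_error = true;
 }
 
+// Server nonce is optional, and used for key derivation if present.
+client_hello.GetStringPiece(kServerNonceTag, &info->server_nonce);
+
+if (version > QUIC_VERSION_26) {
+DVLOG(1) << "No 0-RTT replay protection in QUIC_VERSION_27 and higher.";
+// If the server nonce is empty and we're requiring handshake confirmation
+// for DoS reasons then we must reject the CHLO.
+if (FLAGS_quic_require_handshake_confirmation &&
+info->server_nonce.empty()) {
+info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE);
+}
+helper.ValidationComplete(QUIC_NO_ERROR, "");
+return;
+}
+
 if (!replay_protection_) {
 DVLOG(1) << "No replay protection.";
 helper.ValidationComplete(QUIC_NO_ERROR, "");
 return;
 }
 
-client_hello.GetStringPiece(kServerNonceTag, &info->server_nonce);
 if (!info->server_nonce.empty()) {
 // If the server nonce is present, use it to establish uniqueness.
 HandshakeFailureReason server_nonce_error =
 ValidateServerNonce(info->server_nonce, info->now);
 bool is_unique = server_nonce_error == HANDSHAKE_OK;
 if (!is_unique) {
 info->reject_reasons.push_back(server_nonce_error);
 }
 DVLOG(1) << "Using server nonce, unique: " << is_unique;
 helper.ValidationComplete(QUIC_NO_ERROR, "");
@@ -1692,10 +1706,10 @@
 QuicCryptoServerConfig::Config::Config()
 : channel_id_enabled(false),
 is_primary(false),
 primary_time(QuicWallTime::Zero()),
 priority(0),
 source_address_token_boxer(nullptr) {}
 
 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); }
 
 } // namespace net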
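Review bot: In the `version > QUIC_VERSION_26` branch the server nonce is only tested with `info->server_nonce.empty()`, whereas the older path further down passes it through `ValidateServerNonce(info->server_nonce, info->now)`; as far as this section shows, any non-empty value satisfies the `FLAGS_quic_require_handshake_confirmation` check. If the nonce is authenticated somewhere outside the visible lines, say so at the check with a comment such as `// server_nonce is only checked for presence on this path; it is validated in <caller or later step>`; if it is not, the branch should record a reject reason for a nonce that fails validation instead of accepting it on presence alone. The DVLOG is also the only place that states 0-RTT data is replayable for these versions, so a code comment saying that whatever consumes 0-RTT data must tolerate replays would help the next reader. The enclosing function begins and ends outside the lines shown.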