
Unified Diff: net/quic/crypto/quic_crypto_server_config.cc

Issue 1569853005: relnote: Require QUIC handshakes to require either a valid server nonce or a remote strike register. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@02_CL_111655037
Patch Set: rebase after remove 111628983 Created 4 years, 11 months ago
Index: net/quic/crypto/quic_crypto_server_config.cc
diff --git a/net/quic/crypto/quic_crypto_server_config.cc b/net/quic/crypto/quic_crypto_server_config.cc
index fc17b739309fd974adb8f7002d34a175de701f08..f2475bad3cb131170a9bd3b3c9b46f12e32aa7f7 100644
--- a/net/quic/crypto/quic_crypto_server_config.cc
+++ b/net/quic/crypto/quic_crypto_server_config.cc
@@ -1142,17 +1142,28 @@ void QuicCryptoServerConfig::EvaluateClientHello(
base::AutoLock locked(strike_register_client_lock_);
if (strike_register_client_.get() == nullptr) {
- strike_register_client_.reset(new LocalStrikeRegisterClient(
- strike_register_max_entries_,
- static_cast<uint32_t>(info->now.ToUNIXSeconds()),
- strike_register_window_secs_, primary_orbit,
- strike_register_no_startup_period_
- ? StrikeRegister::NO_STARTUP_PERIOD_NEEDED
- : StrikeRegister::DENY_REQUESTS_AT_STARTUP));
+ if (!FLAGS_require_strike_register_or_server_nonce) {
+ strike_register_client_.reset(new LocalStrikeRegisterClient(
+ strike_register_max_entries_,
+ static_cast<uint32_t>(info->now.ToUNIXSeconds()),
+ strike_register_window_secs_, primary_orbit,
+ strike_register_no_startup_period_
+ ? StrikeRegister::NO_STARTUP_PERIOD_NEEDED
+ : StrikeRegister::DENY_REQUESTS_AT_STARTUP));
+ }
}
strike_register_client = strike_register_client_.get();
}
+ if (!strike_register_client) {
+ // Either a valid server nonces or a strike register is required.
+ // Since neither are present, reject the handshake which will send a
+ // server nonce to the client.
+ info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE);
+ helper.ValidationComplete(QUIC_NO_ERROR, "");
+ return;
+ }
+
strike_register_client->VerifyNonceIsValidAndUnique(
info->client_nonce, info->now,
new VerifyNonceIsValidAndUniqueCallback(client_hello_state, done_cb));
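Review bot: The new `if (!strike_register_client)` block only fails closed if a hello carrying a valid server nonce has already returned earlier in EvaluateClientHello, and that check is outside this hunk, so the comment should state the precondition rather than leave it implied. Something like `// Reached only when no valid server nonce was accepted above and no strike register is installed; reject so the client nonce is never trusted without a uniqueness check.` would do, and it would also fix the grammar of the current text ("a valid server nonces", "neither are present"). The two nested conditions at the top of the hunk can be a single test, `if (strike_register_client_.get() == nullptr && !FLAGS_require_strike_register_or_server_nonce) {`, which keeps the flag's effect visible on one line. With the flag set and no remote strike register configured, every hello without a server nonce appears to take this reject path, so it is worth confirming that the `SERVER_NONCE_REQUIRED_FAILURE` reason is surfaced in whatever reject-reason stats operators watch. EvaluateClientHello starts and ends outside the hunk.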
