Cleanup of OpenSSL/NSS implementation of ProofVerfifier release.

net/quic/crypto/crypto_handshake.h

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_
 #define NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_
 
 #include <map>
 #include <string>
 #include <vector>
@@ skipping 250 matching lines @@
 
     // SetProof stores a certificate chain and signature.
     void SetProof(const std::vector<std::string>& certs,
                   base::StringPiece signature);
 
     // SetProofValid records that the certificate chain and signature have been
     // validated and that it's safe to assume that the server is legitimate.
     // (Note: this does not check the chain or signature.)
     void SetProofValid();
 
+    // If the proof has changed then it needs to be revalidated. Helper function

[wtc, 2013/07/03 19:06:58]

"the proof has changed" is just one reason we need to revalidate the proof.
Another reason is that the server config has changed. Of course, a new server
config comes with a new proof, so "the proof has changed" is strictly speaking
still correct, but a little confusing.

I suggest "the server config or the proof has changed".

[ramant (doing other things), 2013/07/03 20:31:35]

Done.

+    // to keep server_config_valid_and generation_counter_ in sync.

[wtc, 2013/07/03 19:06:58]

Nit: server_config_valid_and => server_config_valid_ and

(Needs a space before "and".)

[ramant (doing other things), 2013/07/03 20:31:35]

Done.

+    void SetProofInvalid();
+
     const std::string& server_config() const;
     const std::string& source_address_token() const;
     const std::vector<std::string>& certs() const;
     const std::string& signature() const;
     bool proof_valid() const;
     uint64 generation_counter() const;
 
     void set_source_address_token(base::StringPiece token);
 
    private:
     std::string server_config_id_;      // An opaque id from the server.
     std::string server_config_;         // A serialized handshake message.
     std::string source_address_token_;  // An opaque proof of IP ownership.
     std::vector<std::string> certs_;    // A list of certificates in leaf-first
                                         // order.
     std::string server_config_sig_;     // A signature of |server_config_|.
     bool server_config_valid_;          // True if |server_config_| is correctly
                                         // signed and |certs_| has been
                                         // validated.
-    uint64 generation_counter_;         // Generation counter associated with
-                                        // the |server_config_|, |certs_| and
-                                        // |server_config_sig_| combination.
+    // Generation counter associated with the |server_config_|, |certs_| and
+    // |server_config_sig_| combination. It is incremented whenever we set
+    // server_config_valid_ to false.

[wtc, 2013/07/03 19:06:58]

Nit: it looks a little weird that the comment block style changes. But I guess
it is more convenient to have the full line length available to this comment.

[ramant (doing other things), 2013/07/03 20:31:35]

The above was the reason. Comment was too big.

+    uint64 generation_counter_;
 
     // scfg contains the cached, parsed value of |server_config|.
     mutable scoped_ptr<CryptoHandshakeMessage> scfg_;
   };
 
   QuicCryptoClientConfig();
   ~QuicCryptoClientConfig();
 
   // Sets the members to reasonable, default values.
   void SetDefaults();
@@ skipping 72 matching lines @@
 
   scoped_ptr<ProofVerifier> proof_verifier_;
   scoped_ptr<ChannelIDSigner> channel_id_signer_;
 
   DISALLOW_COPY_AND_ASSIGN(QuicCryptoClientConfig);
 };
 
 }  // namespace net
 
 #endif  // NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_