Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(635)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/quic/crypto/quic_crypto_client_config.cc

Issue 188333003: Land Recent QUIC Changes. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix compilation error - added NET_EXPORT_PRIVATE to QuicFixedUint32 Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/quic/crypto/crypto_server_test.cc ('k') | net/quic/crypto/quic_crypto_server_config.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/crypto/quic_crypto_client_config.h" 5 #include "net/quic/crypto/quic_crypto_client_config.h"
6 6
7 #include "base/stl_util.h" 7 #include "base/stl_util.h"
8 #include "net/quic/crypto/cert_compressor.h" 8 #include "net/quic/crypto/cert_compressor.h"
9 #include "net/quic/crypto/channel_id.h" 9 #include "net/quic/crypto/channel_id.h"
10 #include "net/quic/crypto/common_cert_set.h" 10 #include "net/quic/crypto/common_cert_set.h"
(...skipping 629 matching lines...) Expand 10 before | Expand all | Expand 10 after
640 DCHECK(error_details != NULL); 640 DCHECK(error_details != NULL);
641 641
642 if (server_hello.tag() != kSHLO) { 642 if (server_hello.tag() != kSHLO) {
643 *error_details = "Bad tag"; 643 *error_details = "Bad tag";
644 return QUIC_INVALID_CRYPTO_MESSAGE_TYPE; 644 return QUIC_INVALID_CRYPTO_MESSAGE_TYPE;
645 } 645 }
646 646
647 const QuicTag* supported_version_tags; 647 const QuicTag* supported_version_tags;
648 size_t num_supported_versions; 648 size_t num_supported_versions;
649 649
650 // TODO(rch): Make it a failure if the server does not have a version list.
651 if (server_hello.GetTaglist(kVER, &supported_version_tags, 650 if (server_hello.GetTaglist(kVER, &supported_version_tags,
652 &num_supported_versions) == QUIC_NO_ERROR) { 651 &num_supported_versions) != QUIC_NO_ERROR) {
653 if (!negotiated_versions.empty()) { 652 *error_details = "server hello missing version list";
654 bool mismatch = num_supported_versions != negotiated_versions.size(); 653 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
655 for (size_t i = 0; i < num_supported_versions && !mismatch; ++i) { 654 }
656 mismatch = QuicTagToQuicVersion(supported_version_tags[i]) != 655 if (!negotiated_versions.empty()) {
657 negotiated_versions[i]; 656 bool mismatch = num_supported_versions != negotiated_versions.size();
658 } 657 for (size_t i = 0; i < num_supported_versions && !mismatch; ++i) {
659 // The server sent a list of supported versions, and the connection 658 mismatch = QuicTagToQuicVersion(supported_version_tags[i]) !=
660 // reports that there was a version negotiation during the handshake. 659 negotiated_versions[i];
660 }
661 // The server sent a list of supported versions, and the connection
662 // reports that there was a version negotiation during the handshake.
661 // Ensure that these two lists are identical. 663 // Ensure that these two lists are identical.
662 if (mismatch) { 664 if (mismatch) {
663 *error_details = "Downgrade attack detected"; 665 *error_details = "Downgrade attack detected";
664 return QUIC_VERSION_NEGOTIATION_MISMATCH; 666 return QUIC_VERSION_NEGOTIATION_MISMATCH;
665 }
666 } 667 }
667 } 668 }
668 669
669 // Learn about updated source address tokens. 670 // Learn about updated source address tokens.
670 StringPiece token; 671 StringPiece token;
671 if (server_hello.GetStringPiece(kSourceAddressTokenTag, &token)) { 672 if (server_hello.GetStringPiece(kSourceAddressTokenTag, &token)) {
672 cached->set_source_address_token(token); 673 cached->set_source_address_token(token);
673 } 674 }
674 675
675 // TODO(agl): 676 // TODO(agl):
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after
727 CachedState* canonical_cached = 728 CachedState* canonical_cached =
728 canonical_crypto_config->LookupOrCreate(canonical_server_hostname); 729 canonical_crypto_config->LookupOrCreate(canonical_server_hostname);
729 if (!canonical_cached->proof_valid()) { 730 if (!canonical_cached->proof_valid()) {
730 return; 731 return;
731 } 732 }
732 CachedState* cached = LookupOrCreate(server_hostname); 733 CachedState* cached = LookupOrCreate(server_hostname);
733 cached->InitializeFrom(*canonical_cached); 734 cached->InitializeFrom(*canonical_cached);
734 } 735 }
735 736
736 } // namespace net 737 } // namespace net
OLDNEW
« no previous file with comments | « net/quic/crypto/crypto_server_test.cc ('k') | net/quic/crypto/quic_crypto_server_config.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698