| Index: net/quic/crypto/quic_crypto_server_config.cc
|
| diff --git a/net/quic/crypto/quic_crypto_server_config.cc b/net/quic/crypto/quic_crypto_server_config.cc
|
| index 3b59df4882c732515f225cde40a841237885192e..134feaba53cd6a52c99edac03566933a6e5cc05a 100644
|
| --- a/net/quic/crypto/quic_crypto_server_config.cc
|
| +++ b/net/quic/crypto/quic_crypto_server_config.cc
|
| @@ -1160,6 +1160,7 @@ void QuicCryptoServerConfig::EvaluateClientHello(
|
|
|
| bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
|
| QuicVersion version,
|
| + StringPiece chlo_hash,
|
| const SourceAddressTokens& previous_source_address_tokens,
|
| const IPAddress& server_ip,
|
| const IPAddress& client_ip,
|
| @@ -1181,12 +1182,22 @@ bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
|
| scoped_refptr<ProofSource::Chain> chain;
|
| string signature;
|
| string cert_sct;
|
| - if (!proof_source_->GetProof(server_ip, params.sni,
|
| - primary_config_->serialized, version,
|
| - params.client_nonce, params.x509_ecdsa_supported,
|
| - &chain, &signature, &cert_sct)) {
|
| - DVLOG(1) << "Server: failed to get proof.";
|
| - return false;
|
| + if (FLAGS_quic_use_hash_in_scup) {
|
| + if (!proof_source_->GetProof(server_ip, params.sni,
|
| + primary_config_->serialized, version,
|
| + chlo_hash, params.x509_ecdsa_supported, &chain,
|
| + &signature, &cert_sct)) {
|
| + DVLOG(1) << "Server: failed to get proof.";
|
| + return false;
|
| + }
|
| + } else {
|
| + if (!proof_source_->GetProof(
|
| + server_ip, params.sni, primary_config_->serialized, version,
|
| + params.client_nonce, params.x509_ecdsa_supported, &chain,
|
| + &signature, &cert_sct)) {
|
| + DVLOG(1) << "Server: failed to get proof.";
|
| + return false;
|
| + }
|
| }
|
|
|
| const string compressed = CompressChain(
|
|
|
Chromium Code Reviews
Issue 1986193002:
Fix bug in QUIC SCUP message generation in which the client nonce was used in place of the CHLO has… (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@121962941