deprecating gfe2_reloadable_flag_use_early_return_when_verifying_chlo

net/quic/crypto/quic_crypto_server_config.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/quic_crypto_server_config.h"
 
 #include <stdlib.h>
 
 #include <algorithm>
 #include <memory>
@@ skipping 1025 matching lines @@
     info->reject_reasons.push_back(SERVER_CONFIG_INCHOATE_HELLO_FAILURE);
     // Report no client nonce as INCHOATE_HELLO_FAILURE.
     helper.ValidationComplete(QUIC_NO_ERROR, "");
     return;
   }
 
   bool found_error = false;
   if (source_address_token_error != HANDSHAKE_OK) {
     info->reject_reasons.push_back(source_address_token_error);
     // No valid source address token.
-    if (FLAGS_use_early_return_when_verifying_chlo) {
-      helper.ValidationComplete(QUIC_NO_ERROR, "");
-      return;
-    }
     found_error = true;
   }
 
   if (version > QUIC_VERSION_25) {
     bool x509_supported = false;
     bool x509_ecdsa_supported = false;
     ParseProofDemand(client_hello, &x509_supported, &x509_ecdsa_supported);
     string serialized_config = primary_config->serialized;
     string chlo_hash;
     CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash);
     if (!proof_source_->GetProof(
             server_ip, info->sni.as_string(), serialized_config, version,
             chlo_hash, x509_ecdsa_supported, &crypto_proof->chain,
             &crypto_proof->signature, &crypto_proof->cert_sct)) {
       found_error = true;
       info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE);
     }
 
     if (!ValidateExpectedLeafCertificate(client_hello, *crypto_proof)) {
       found_error = true;
       info->reject_reasons.push_back(INVALID_EXPECTED_LEAF_CERTIFICATE);
     }
   }
 
   if (info->client_nonce.size() != kNonceSize) {
     info->reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE);
     // Invalid client nonce.
     LOG(ERROR) << "Invalid client nonce: " << client_hello.DebugString();
     DVLOG(1) << "Invalid client nonce.";
-    if (FLAGS_use_early_return_when_verifying_chlo) {
-      helper.ValidationComplete(QUIC_NO_ERROR, "");
-      return;
-    }
     found_error = true;
   }
 
   // Server nonce is optional, and used for key derivation if present.
   client_hello.GetStringPiece(kServerNonceTag, &info->server_nonce);
 
   if (version > QUIC_VERSION_32) {
     DVLOG(1) << "No 0-RTT replay protection in QUIC_VERSION_33 and higher.";
     // If the server nonce is empty and we're requiring handshake confirmation
     // for DoS reasons then we must reject the CHLO.
@@ skipping 736 matching lines @@
       priority(0),
       source_address_token_boxer(nullptr) {}
 
 QuicCryptoServerConfig::Config::~Config() {
   STLDeleteElements(&key_exchanges);
 }
 
 QuicCryptoProof::QuicCryptoProof() {}
 QuicCryptoProof::~QuicCryptoProof() {}
 }  // namespace net