| Index: net/quic/core/crypto/quic_crypto_client_config.cc
|
| diff --git a/net/quic/core/crypto/quic_crypto_client_config.cc b/net/quic/core/crypto/quic_crypto_client_config.cc
|
| index 3385491a630017c6c0165770c2883422467434b1..cd9c7783a72f81e233157c37acbea7162e9997eb 100644
|
| --- a/net/quic/core/crypto/quic_crypto_client_config.cc
|
| +++ b/net/quic/core/crypto/quic_crypto_client_config.cc
|
| @@ -143,6 +143,7 @@ bool QuicCryptoClientConfig::CachedState::has_server_nonce() const {
|
| QuicCryptoClientConfig::CachedState::ServerConfigState
|
| QuicCryptoClientConfig::CachedState::SetServerConfig(StringPiece server_config,
|
| QuicWallTime now,
|
| + QuicWallTime expiry_time,
|
| string* error_details) {
|
| const bool matches_existing = server_config == server_config_;
|
|
|
| @@ -163,12 +164,16 @@ QuicCryptoClientConfig::CachedState::SetServerConfig(StringPiece server_config,
|
| return SERVER_CONFIG_INVALID;
|
| }
|
|
|
| - uint64_t expiry_seconds;
|
| - if (new_scfg->GetUint64(kEXPY, &expiry_seconds) != QUIC_NO_ERROR) {
|
| - *error_details = "SCFG missing EXPY";
|
| - return SERVER_CONFIG_INVALID_EXPIRY;
|
| + if (expiry_time.IsZero()) {
|
| + uint64_t expiry_seconds;
|
| + if (new_scfg->GetUint64(kEXPY, &expiry_seconds) != QUIC_NO_ERROR) {
|
| + *error_details = "SCFG missing EXPY";
|
| + return SERVER_CONFIG_INVALID_EXPIRY;
|
| + }
|
| + expiration_time_ = QuicWallTime::FromUNIXSeconds(expiry_seconds);
|
| + } else {
|
| + expiration_time_ = expiry_time;
|
| }
|
| - expiration_time_ = QuicWallTime::FromUNIXSeconds(expiry_seconds);
|
|
|
| if (now.IsAfter(expiration_time_)) {
|
| *error_details = "SCFG has expired";
|
| @@ -258,7 +263,8 @@ bool QuicCryptoClientConfig::CachedState::Initialize(
|
| StringPiece cert_sct,
|
| StringPiece chlo_hash,
|
| StringPiece signature,
|
| - QuicWallTime now) {
|
| + QuicWallTime now,
|
| + QuicWallTime expiration_time) {
|
| DCHECK(server_config_.empty());
|
|
|
| if (server_config.empty()) {
|
| @@ -267,7 +273,8 @@ bool QuicCryptoClientConfig::CachedState::Initialize(
|
| }
|
|
|
| string error_details;
|
| - ServerConfigState state = SetServerConfig(server_config, now, &error_details);
|
| + ServerConfigState state =
|
| + SetServerConfig(server_config, now, expiration_time, &error_details);
|
| RecordDiskCacheServerConfigState(state);
|
| if (state != SERVER_CONFIG_VALID) {
|
| DVLOG(1) << "SetServerConfig failed with " << error_details;
|
| @@ -346,6 +353,7 @@ void QuicCryptoClientConfig::CachedState::InitializeFrom(
|
| server_config_sig_ = other.server_config_sig_;
|
| server_config_valid_ = other.server_config_valid_;
|
| server_designated_connection_ids_ = other.server_designated_connection_ids_;
|
| + expiration_time_ = other.expiration_time_;
|
| if (other.proof_verify_details_.get() != nullptr) {
|
| proof_verify_details_.reset(other.proof_verify_details_->Clone());
|
| }
|
| @@ -729,8 +737,14 @@ QuicErrorCode QuicCryptoClientConfig::CacheNewServerConfig(
|
| return QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND;
|
| }
|
|
|
| + QuicWallTime expiration_time = QuicWallTime::Zero();
|
| + uint64_t expiry_seconds;
|
| + if (message.GetUint64(kSTTL, &expiry_seconds) == QUIC_NO_ERROR) {
|
| + expiration_time = now.Add(QuicTime::Delta::FromSeconds(expiry_seconds));
|
| + }
|
| +
|
| CachedState::ServerConfigState state =
|
| - cached->SetServerConfig(scfg, now, error_details);
|
| + cached->SetServerConfig(scfg, now, expiration_time, error_details);
|
| if (state == CachedState::SERVER_CONFIG_EXPIRED) {
|
| return QUIC_CRYPTO_SERVER_CONFIG_EXPIRED;
|
| }
|
|
|
Chromium Code Reviews
Issue 2305513003:
Allow QUIC servers send a TTL for the server config, as opposed to explicit expiration, to mitigate… (Closed)
