| Index: net/quic/core/crypto/quic_crypto_server_config.cc
|
| diff --git a/net/quic/core/crypto/quic_crypto_server_config.cc b/net/quic/core/crypto/quic_crypto_server_config.cc
|
| index 527cced5e37fcfcc32fc29b9a5d28f0fd3c540dd..106a6eed9d209c10f301b139f0966490517e6256 100644
|
| --- a/net/quic/core/crypto/quic_crypto_server_config.cc
|
| +++ b/net/quic/core/crypto/quic_crypto_server_config.cc
|
| @@ -744,6 +744,12 @@ void QuicCryptoServerConfig::ProcessClientHello(
|
| CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash);
|
| // No need to get a new proof if one was already generated.
|
| if (!crypto_proof->chain) {
|
| + const QuicTag* tag_ptr;
|
| + size_t num_tags;
|
| + QuicTagVector connection_options;
|
| + if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) {
|
| + connection_options.assign(tag_ptr, tag_ptr + num_tags);
|
| + }
|
| if (FLAGS_enable_async_get_proof) {
|
| std::unique_ptr<ProcessClientHelloCallback> cb(
|
| new ProcessClientHelloCallback(
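Review bot: `tag_ptr` and `num_tags` are declared without initializers, and the `GetTaglist` result is only compared with `QUIC_NO_ERROR`, so any failure it reports falls through with an empty `connection_options`. That means a COPT list the parser rejects is treated the same as an absent one. I would initialize both (`const QuicTag* tag_ptr = nullptr;`, `size_t num_tags = 0;`) and add a comment such as `// COPT is client-supplied; absent or unparsable options reach GetProof as an empty list.` The same six lines are added again in the EvaluateClientHello hunk (@@ -1314), so a small file-local helper returning the QuicTagVector would keep the two paths from drifting. ProcessClientHello starts and ends outside this hunk.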
|
| @@ -755,15 +761,15 @@ void QuicCryptoServerConfig::ProcessClientHello(
|
| primary_config, std::move(done_cb)));
|
| proof_source_->GetProof(server_ip, info.sni.as_string(),
|
| primary_config->serialized, version, chlo_hash,
|
| - std::move(cb));
|
| + connection_options, std::move(cb));
|
| helper.DetachCallback();
|
| return;
|
| }
|
|
|
| - if (!proof_source_->GetProof(server_ip, info.sni.as_string(),
|
| - primary_config->serialized, version, chlo_hash,
|
| - &crypto_proof->chain, &crypto_proof->signature,
|
| - &crypto_proof->cert_sct)) {
|
| + if (!proof_source_->GetProof(
|
| + server_ip, info.sni.as_string(), primary_config->serialized,
|
| + version, chlo_hash, connection_options, &crypto_proof->chain,
|
| + &crypto_proof->signature, &crypto_proof->cert_sct)) {
|
| helper.Fail(QUIC_HANDSHAKE_FAILED, "Missing or invalid crypto proof.");
|
| return;
|
| }
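Review bot: In the async branch `connection_options` is a local of the enclosing `if (!crypto_proof->chain)` block, and the function returns right after `GetProof(..., connection_options, std::move(cb))`, so the vector is destroyed before the callback can run. The GetProof declaration is not visible here; if it takes the vector by reference, every proof source implementation has to copy what it needs before returning. That contract should be stated at the call, e.g. `// |connection_options| dies on return; GetProof must copy what it needs.` The same applies to the async calls in the @@ -1325 and @@ -1555 hunks.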
|
| @@ -1314,6 +1320,12 @@ void QuicCryptoServerConfig::EvaluateClientHello(
|
| CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash);
|
| bool need_proof = true;
|
| need_proof = !crypto_proof->chain;
|
| + const QuicTag* tag_ptr;
|
| + size_t num_tags;
|
| + QuicTagVector connection_options;
|
| + if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) {
|
| + connection_options.assign(tag_ptr, tag_ptr + num_tags);
|
| + }
|
| if (FLAGS_enable_async_get_proof) {
|
| if (need_proof) {
|
| // Make an async call to GetProof and setup the callback to trampoline
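Review bot: The COPT list is copied before `need_proof` is consulted, so the vector is filled for every client hello that reaches this point, even when `crypto_proof->chain` is already set and no GetProof call follows. In the lines visible here and in the next two hunks, `connection_options` is only read by GetProof calls guarded by `need_proof`, so the condition could be `if (need_proof && client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) {`. ProcessClientHello already does its extraction inside the `if (!crypto_proof->chain)` block. The lines between these hunks are not shown, so confirm nothing else reads the vector before narrowing it.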
|
| @@ -1325,7 +1337,7 @@ void QuicCryptoServerConfig::EvaluateClientHello(
|
| std::move(done_cb)));
|
| proof_source_->GetProof(server_ip, info->sni.as_string(),
|
| serialized_config, version, chlo_hash,
|
| - std::move(cb));
|
| + connection_options, std::move(cb));
|
| helper.DetachCallback();
|
| return;
|
| }
|
| @@ -1333,10 +1345,10 @@ void QuicCryptoServerConfig::EvaluateClientHello(
|
|
|
| // No need to get a new proof if one was already generated.
|
| if (need_proof &&
|
| - !proof_source_->GetProof(server_ip, info->sni.as_string(),
|
| - serialized_config, version, chlo_hash,
|
| - &crypto_proof->chain, &crypto_proof->signature,
|
| - &crypto_proof->cert_sct)) {
|
| + !proof_source_->GetProof(
|
| + server_ip, info->sni.as_string(), serialized_config, version,
|
| + chlo_hash, connection_options, &crypto_proof->chain,
|
| + &crypto_proof->signature, &crypto_proof->cert_sct)) {
|
| get_proof_failed = true;
|
| }
|
|
|
| @@ -1473,6 +1485,7 @@ bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
|
| QuicCompressedCertsCache* compressed_certs_cache,
|
| const QuicCryptoNegotiatedParameters& params,
|
| const CachedNetworkParameters* cached_network_params,
|
| + const QuicTagVector& connection_options,
|
| CryptoHandshakeMessage* out) const {
|
| string serialized;
|
| string source_address_token;
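Review bot: The new `connection_options` parameter has no comment at this definition and sits in the middle of the parameter list, so every caller has to change and nothing tells them what to pass. Judging by the other hunks, the value is the client's COPT tag list, which is client-controlled and, in the visible lines, only forwarded to `proof_source_->GetProof`. The declaration should say so, e.g. `// |connection_options|: COPT tags from the client's CHLO (untrusted), forwarded to the proof source.` The callback overload in the @@ -1531 hunk gains the same parameter and needs the same comment. The signature starts above this hunk, and the header declaration is not part of this file's diff.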
|
| @@ -1498,7 +1511,8 @@ bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
|
| string signature;
|
| string cert_sct;
|
| if (!proof_source_->GetProof(server_ip, params.sni, serialized, version,
|
| - chlo_hash, &chain, &signature, &cert_sct)) {
|
| + chlo_hash, connection_options, &chain,
|
| + &signature, &cert_sct)) {
|
| DVLOG(1) << "Server: failed to get proof.";
|
| return false;
|
| }
|
| @@ -1531,6 +1545,7 @@ void QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
|
| QuicCompressedCertsCache* compressed_certs_cache,
|
| const QuicCryptoNegotiatedParameters& params,
|
| const CachedNetworkParameters* cached_network_params,
|
| + const QuicTagVector& connection_options,
|
| std::unique_ptr<BuildServerConfigUpdateMessageResultCallback> cb) const {
|
| string serialized;
|
| string source_address_token;
|
| @@ -1555,7 +1570,7 @@ void QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
|
| std::move(message), std::move(cb)));
|
|
|
| proof_source_->GetProof(server_ip, params.sni, serialized, version, chlo_hash,
|
| - std::move(proof_source_cb));
|
| + connection_options, std::move(proof_source_cb));
|
| }
|
|
|
| QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback::
|
|
|