Index: net/quic/core/crypto/quic_crypto_server_config.cc |
diff --git a/net/quic/core/crypto/quic_crypto_server_config.cc b/net/quic/core/crypto/quic_crypto_server_config.cc |
index 527cced5e37fcfcc32fc29b9a5d28f0fd3c540dd..106a6eed9d209c10f301b139f0966490517e6256 100644 |
--- a/net/quic/core/crypto/quic_crypto_server_config.cc |
+++ b/net/quic/core/crypto/quic_crypto_server_config.cc |
@@ -744,6 +744,12 @@ void QuicCryptoServerConfig::ProcessClientHello( |
CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); |
// No need to get a new proof if one was already generated. |
if (!crypto_proof->chain) { |
+ const QuicTag* tag_ptr; |
+ size_t num_tags; |
+ QuicTagVector connection_options; |
+ if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) { |
+ connection_options.assign(tag_ptr, tag_ptr + num_tags); |
+ } |
if (FLAGS_enable_async_get_proof) { |
std::unique_ptr<ProcessClientHelloCallback> cb( |
new ProcessClientHelloCallback( |
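Review bot: The added block around `client_hello.GetTaglist(kCOPT, ...)` copies the client's connection options out of the CHLO and lets them steer proof selection, but nothing marks these tags as client-controlled input. A comment above the block such as `// COPT is unauthenticated client input; ProofSource must treat it as a hint, never as an authorization signal.` would make that contract visible to ProofSource implementers. The same six lines are repeated in EvaluateClientHello (the hunk at -1314), so a file-local helper returning the `QuicTagVector` would keep the two extractions from drifting apart. `tag_ptr` and `num_tags` are also left uninitialized; `const QuicTag* tag_ptr = nullptr;` and `size_t num_tags = 0;` cost nothing. ProcessClientHello starts and ends outside the hunk.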
@@ -755,15 +761,15 @@ void QuicCryptoServerConfig::ProcessClientHello( |
primary_config, std::move(done_cb))); |
proof_source_->GetProof(server_ip, info.sni.as_string(), |
primary_config->serialized, version, chlo_hash, |
- std::move(cb)); |
+ connection_options, std::move(cb)); |
helper.DetachCallback(); |
return; |
} |
- if (!proof_source_->GetProof(server_ip, info.sni.as_string(), |
- primary_config->serialized, version, chlo_hash, |
- &crypto_proof->chain, &crypto_proof->signature, |
- &crypto_proof->cert_sct)) { |
+ if (!proof_source_->GetProof( |
+ server_ip, info.sni.as_string(), primary_config->serialized, |
+ version, chlo_hash, connection_options, &crypto_proof->chain, |
+ &crypto_proof->signature, &crypto_proof->cert_sct)) { |
helper.Fail(QUIC_HANDSHAKE_FAILED, "Missing or invalid crypto proof."); |
return; |
} |
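Review bot: In the async branch, `connection_options` is a stack local and the function returns right after `helper.DetachCallback()`, so the call is safe only if the callback-taking `GetProof` overload copies the vector before it returns. That overload's signature is not visible in this file, so this may already hold; if it takes `const QuicTagVector&`, the interface comment should say that implementations must not retain the reference past the call. The same pattern appears in the async call in EvaluateClientHello (hunk at -1325) and in the callback variant of BuildServerConfigUpdateMessage (hunk at -1555). Proposed wording at the declaration: `// |connection_options| is only valid for the duration of this call; copy it if the proof is produced asynchronously.`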
@@ -1314,6 +1320,12 @@ void QuicCryptoServerConfig::EvaluateClientHello( |
CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); |
bool need_proof = true; |
need_proof = !crypto_proof->chain; |
+ const QuicTag* tag_ptr; |
+ size_t num_tags; |
+ QuicTagVector connection_options; |
+ if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) { |
+ connection_options.assign(tag_ptr, tag_ptr + num_tags); |
+ } |
if (FLAGS_enable_async_get_proof) { |
if (need_proof) { |
// Make an async call to GetProof and setup the callback to trampoline |
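Review bot: Here the COPT list is copied on every call, including when `need_proof` is false and no `GetProof` call visible in these hunks consumes it, whereas ProcessClientHello does the extraction inside `if (!crypto_proof->chain)`. Gating it the same way, `if (need_proof && client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) {`, avoids an allocation sized by client-supplied data on the path that already has a proof. EvaluateClientHello continues outside the hunk, so confirm nothing further down reads `connection_options` before changing it.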
@@ -1325,7 +1337,7 @@ void QuicCryptoServerConfig::EvaluateClientHello( |
std::move(done_cb))); |
proof_source_->GetProof(server_ip, info->sni.as_string(), |
serialized_config, version, chlo_hash, |
- std::move(cb)); |
+ connection_options, std::move(cb)); |
helper.DetachCallback(); |
return; |
} |
@@ -1333,10 +1345,10 @@ void QuicCryptoServerConfig::EvaluateClientHello( |
// No need to get a new proof if one was already generated. |
if (need_proof && |
- !proof_source_->GetProof(server_ip, info->sni.as_string(), |
- serialized_config, version, chlo_hash, |
- &crypto_proof->chain, &crypto_proof->signature, |
- &crypto_proof->cert_sct)) { |
+ !proof_source_->GetProof( |
+ server_ip, info->sni.as_string(), serialized_config, version, |
+ chlo_hash, connection_options, &crypto_proof->chain, |
+ &crypto_proof->signature, &crypto_proof->cert_sct)) { |
get_proof_failed = true; |
} |
@@ -1473,6 +1485,7 @@ bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage( |
QuicCompressedCertsCache* compressed_certs_cache, |
const QuicCryptoNegotiatedParameters& params, |
const CachedNetworkParameters* cached_network_params, |
+ const QuicTagVector& connection_options, |
CryptoHandshakeMessage* out) const { |
string serialized; |
string source_address_token; |
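Review bot: The new `connection_options` parameter is undocumented, and unlike the CHLO paths, which read the tags from the message themselves, this function relies on its caller to supply them. If a caller passes a different set than the handshake used, the proof placed in the server config update could be selected differently from the one the client already verified; whether that can happen depends on callers not shown here. A comment at the declaration would pin the expectation, for example `// |connection_options| must be the COPT tags from this connection's CHLO, so the proof matches the one served in the handshake.` The callback overload in the hunk at -1531 takes the same parameter and needs the same note.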
@@ -1498,7 +1511,8 @@ bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage( |
string signature; |
string cert_sct; |
if (!proof_source_->GetProof(server_ip, params.sni, serialized, version, |
- chlo_hash, &chain, &signature, &cert_sct)) { |
+ chlo_hash, connection_options, &chain, |
+ &signature, &cert_sct)) { |
DVLOG(1) << "Server: failed to get proof."; |
return false; |
} |
@@ -1531,6 +1545,7 @@ void QuicCryptoServerConfig::BuildServerConfigUpdateMessage( |
QuicCompressedCertsCache* compressed_certs_cache, |
const QuicCryptoNegotiatedParameters& params, |
const CachedNetworkParameters* cached_network_params, |
+ const QuicTagVector& connection_options, |
std::unique_ptr<BuildServerConfigUpdateMessageResultCallback> cb) const { |
string serialized; |
string source_address_token; |
@@ -1555,7 +1570,7 @@ void QuicCryptoServerConfig::BuildServerConfigUpdateMessage( |
std::move(message), std::move(cb))); |
proof_source_->GetProof(server_ip, params.sni, serialized, version, chlo_hash, |
- std::move(proof_source_cb)); |
+ connection_options, std::move(proof_source_cb)); |
} |
QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback:: |