Index: net/quic/core/crypto/quic_crypto_server_config.cc |
diff --git a/net/quic/core/crypto/quic_crypto_server_config.cc b/net/quic/core/crypto/quic_crypto_server_config.cc |
index fa8df9c5d25606008c50e377636e6c5cf57e64fb..27cc291890a44bdf158202904a647dc4064cfb3f 100644 |
--- a/net/quic/core/crypto/quic_crypto_server_config.cc |
+++ b/net/quic/core/crypto/quic_crypto_server_config.cc |
@@ -1327,7 +1327,9 @@ void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof( |
info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); |
} |
- if (!ValidateExpectedLeafCertificate(client_hello, *signed_config)) { |
+ if (signed_config->chain != nullptr && |
+ !ValidateExpectedLeafCertificate(client_hello, |
+ signed_config->chain->certs)) { |
info->reject_reasons.push_back(INVALID_EXPECTED_LEAF_CERTIFICATE); |
} |
@@ -1986,8 +1988,8 @@ string QuicCryptoServerConfig::NewServerNonce(QuicRandom* rand, |
bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate( |
const CryptoHandshakeMessage& client_hello, |
- const QuicSignedServerConfig& signed_config) const { |
- if (signed_config.chain->certs.empty()) { |
+ const std::vector<string>& certs) const { |
+ if (certs.empty()) { |
return false; |
} |
@@ -1995,8 +1997,7 @@ bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate( |
if (client_hello.GetUint64(kXLCT, &hash_from_client) != QUIC_NO_ERROR) { |
return false; |
} |
- return CryptoUtils::ComputeLeafCertHash(signed_config.chain->certs.at(0)) == |
- hash_from_client; |
+ return CryptoUtils::ComputeLeafCertHash(certs.at(0)) == hash_from_client; |
} |
bool QuicCryptoServerConfig::ClientDemandsX509Proof( |