| Index: net/quic/core/crypto/quic_crypto_server_config.cc
|
| diff --git a/net/quic/core/crypto/quic_crypto_server_config.cc b/net/quic/core/crypto/quic_crypto_server_config.cc
|
| index 440eecdf83bf0fd94038fc679e0528cf95c638d3..e4c0bca19f80f799797a32a1414451233cc683d9 100644
|
| --- a/net/quic/core/crypto/quic_crypto_server_config.cc
|
| +++ b/net/quic/core/crypto/quic_crypto_server_config.cc
|
| @@ -698,31 +698,19 @@ void QuicCryptoServerConfig::ProcessClientHello(
|
| if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) {
|
| connection_options.assign(tag_ptr, tag_ptr + num_tags);
|
| }
|
| - if (FLAGS_quic_reloadable_flag_enable_async_get_proof) {
|
| - std::unique_ptr<ProcessClientHelloCallback> cb(
|
| - new ProcessClientHelloCallback(
|
| - this, validate_chlo_result, reject_only, connection_id,
|
| - client_address, version, supported_versions,
|
| - use_stateless_rejects, server_designated_connection_id, clock,
|
| - rand, compressed_certs_cache, params, signed_config,
|
| - total_framing_overhead, chlo_packet_size, requested_config,
|
| - primary_config, std::move(done_cb)));
|
| - proof_source_->GetProof(server_address, info.sni.as_string(),
|
| - primary_config->serialized, version, chlo_hash,
|
| - connection_options, std::move(cb));
|
| - helper.DetachCallback();
|
| - return;
|
| - }
|
| -
|
| - QuicCryptoProof proof;
|
| - if (!proof_source_->GetProof(server_address, info.sni.as_string(),
|
| - primary_config->serialized, version, chlo_hash,
|
| - connection_options, &signed_config->chain,
|
| - &proof)) {
|
| - helper.Fail(QUIC_HANDSHAKE_FAILED, "Missing or invalid crypto proof.");
|
| - return;
|
| - }
|
| - signed_config->proof = proof;
|
| + std::unique_ptr<ProcessClientHelloCallback> cb(
|
| + new ProcessClientHelloCallback(
|
| + this, validate_chlo_result, reject_only, connection_id,
|
| + client_address, version, supported_versions, use_stateless_rejects,
|
| + server_designated_connection_id, clock, rand,
|
| + compressed_certs_cache, params, signed_config,
|
| + total_framing_overhead, chlo_packet_size, requested_config,
|
| + primary_config, std::move(done_cb)));
|
| + proof_source_->GetProof(server_address, info.sni.as_string(),
|
| + primary_config->serialized, version, chlo_hash,
|
| + connection_options, std::move(cb));
|
| + helper.DetachCallback();
|
| + return;
|
| }
|
|
|
| helper.DetachCallback();
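Review bot: With the flag gone, a proof failure in ProcessClientHello is no longer handled anywhere in this hunk: the removed synchronous branch called `helper.Fail(QUIC_HANDSHAKE_FAILED, "Missing or invalid crypto proof.")`, while the new code hands the outcome to `ProcessClientHelloCallback`, whose body is outside the hunk. It is worth confirming that the callback fails the handshake when the proof source reports failure, rather than continuing with an empty `signed_config->proof`. The callback also holds `this` plus the raw `clock`, `rand` and `compressed_certs_cache` pointers, and now that the asynchronous path is the only one, that lifetime requirement deserves a comment above the construction, e.g. `// cb may run after this call returns; every raw pointer passed here must outlive the pending GetProof.` The same applies to `EvaluateClientHelloCallback` in the next hunk, which takes `*this`. ProcessClientHello starts and ends outside the hunk.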
|
| @@ -1275,34 +1263,20 @@ void QuicCryptoServerConfig::EvaluateClientHello(
|
| if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) {
|
| connection_options.assign(tag_ptr, tag_ptr + num_tags);
|
| }
|
| - if (FLAGS_quic_reloadable_flag_enable_async_get_proof) {
|
| - if (need_proof) {
|
| - // Make an async call to GetProof and setup the callback to trampoline
|
| - // back into EvaluateClientHelloAfterGetProof
|
| - std::unique_ptr<EvaluateClientHelloCallback> cb(
|
| - new EvaluateClientHelloCallback(
|
| - *this, found_error, server_address.host(), version,
|
| - requested_config, primary_config, signed_config,
|
| - client_hello_state, std::move(done_cb)));
|
| - proof_source_->GetProof(server_address, info->sni.as_string(),
|
| - serialized_config, version, chlo_hash,
|
| - connection_options, std::move(cb));
|
| - helper.DetachCallback();
|
| - return;
|
| - }
|
| - }
|
|
|
| - // No need to get a new proof if one was already generated.
|
| if (need_proof) {
|
| - QuicCryptoProof proof;
|
| -
|
| - if (proof_source_->GetProof(
|
| - server_address, info->sni.as_string(), serialized_config, version,
|
| - chlo_hash, connection_options, &signed_config->chain, &proof)) {
|
| - signed_config->proof = proof;
|
| - } else {
|
| - get_proof_failed = true;
|
| - }
|
| + // Make an async call to GetProof and setup the callback to trampoline
|
| + // back into EvaluateClientHelloAfterGetProof
|
| + std::unique_ptr<EvaluateClientHelloCallback> cb(
|
| + new EvaluateClientHelloCallback(
|
| + *this, found_error, server_address.host(), version,
|
| + requested_config, primary_config, signed_config, client_hello_state,
|
| + std::move(done_cb)));
|
| + proof_source_->GetProof(server_address, info->sni.as_string(),
|
| + serialized_config, version, chlo_hash,
|
| + connection_options, std::move(cb));
|
| + helper.DetachCallback();
|
| + return;
|
| }
|
|
|
| // Details are null because the synchronous version of GetProof does not
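Review bot: The trailing context comment `// Details are null because the synchronous version of GetProof does not` is stale after this change, since the synchronous GetProof call is removed from EvaluateClientHello and the code below the `if (need_proof)` block now runs only when no proof is requested. I would reword it along the lines of `// Details are null because no proof was requested on this path.`; the comment continues outside the hunk, so its remainder needs the same check. The removed branch was also the only visible place that set `get_proof_failed = true`, so if that local is still declared above and passed on, it is now always false here and can be replaced by a literal or dropped.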
|
| @@ -1361,65 +1335,6 @@ void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof(
|
| helper.ValidationComplete(QUIC_NO_ERROR, "", std::move(proof_source_details));
|
| }
|
|
|
| -bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
|
| - QuicVersion version,
|
| - StringPiece chlo_hash,
|
| - const SourceAddressTokens& previous_source_address_tokens,
|
| - const QuicSocketAddress& server_address,
|
| - const QuicIpAddress& client_ip,
|
| - const QuicClock* clock,
|
| - QuicRandom* rand,
|
| - QuicCompressedCertsCache* compressed_certs_cache,
|
| - const QuicCryptoNegotiatedParameters& params,
|
| - const CachedNetworkParameters* cached_network_params,
|
| - const QuicTagVector& connection_options,
|
| - CryptoHandshakeMessage* out) const {
|
| - string serialized;
|
| - string source_address_token;
|
| - QuicWallTime expiry_time = QuicWallTime::Zero();
|
| - const CommonCertSets* common_cert_sets;
|
| - {
|
| - QuicReaderMutexLock locked(&configs_lock_);
|
| - serialized = primary_config_->serialized;
|
| - common_cert_sets = primary_config_->common_cert_sets;
|
| - expiry_time = primary_config_->expiry_time;
|
| - source_address_token = NewSourceAddressToken(
|
| - *primary_config_, previous_source_address_tokens, client_ip, rand,
|
| - clock->WallNow(), cached_network_params);
|
| - }
|
| -
|
| - out->set_tag(kSCUP);
|
| - out->SetStringPiece(kSCFG, serialized);
|
| - out->SetStringPiece(kSourceAddressTokenTag, source_address_token);
|
| - out->SetValue(kSTTL,
|
| - expiry_time.AbsoluteDifference(clock->WallNow()).ToSeconds());
|
| -
|
| - QuicReferenceCountedPointer<ProofSource::Chain> chain;
|
| - QuicCryptoProof proof;
|
| - if (!proof_source_->GetProof(server_address, params.sni, serialized, version,
|
| - chlo_hash, connection_options, &chain, &proof)) {
|
| - QUIC_DVLOG(1) << "Server: failed to get proof.";
|
| - return false;
|
| - }
|
| -
|
| - const string compressed = CompressChain(
|
| - compressed_certs_cache, chain, params.client_common_set_hashes,
|
| - params.client_cached_cert_hashes, common_cert_sets);
|
| -
|
| - out->SetStringPiece(kCertificateTag, compressed);
|
| - out->SetStringPiece(kPROF, proof.signature);
|
| - if (params.sct_supported_by_client && enable_serving_sct_) {
|
| - if (proof.leaf_cert_scts.empty()) {
|
| - QUIC_LOG_EVERY_N_SEC(WARNING, 60)
|
| - << "SCT is expected but it is empty. sni: " << params.sni
|
| - << " server_address: " << server_address.ToString();
|
| - } else {
|
| - out->SetStringPiece(kCertificateSCTTag, proof.leaf_cert_scts);
|
| - }
|
| - }
|
| - return true;
|
| -}
|
| -
|
| void QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
|
| QuicVersion version,
|
| StringPiece chlo_hash,
|
|
|