| Index: net/quic/crypto/quic_crypto_server_config.cc
|
| diff --git a/net/quic/crypto/quic_crypto_server_config.cc b/net/quic/crypto/quic_crypto_server_config.cc
|
| index ec88594c949c6cdec554257703d192a92de2b0fe..66453a7921be56e9ab479c8ab191c17ce63d1bae 100644
|
| --- a/net/quic/crypto/quic_crypto_server_config.cc
|
| +++ b/net/quic/crypto/quic_crypto_server_config.cc
|
| @@ -603,7 +603,7 @@ QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
|
| !info.client_nonce_well_formed ||
|
| !info.unique ||
|
| !requested_config.get()) {
|
| - BuildRejection(*primary_config, client_hello, info, rand, out);
|
| + BuildRejection(*primary_config, client_hello, info, rand, params, out);
|
| return QUIC_NO_ERROR;
|
| }
|
|
|
| @@ -1039,11 +1039,50 @@ void QuicCryptoServerConfig::EvaluateClientHello(
|
| helper.StartedAsyncCallback();
|
| }
|
|
|
| +bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
|
| + const IPEndPoint& client_ip,
|
| + const QuicClock* clock,
|
| + QuicRandom* rand,
|
| + const QuicCryptoNegotiatedParameters& params,
|
| + CryptoHandshakeMessage* out) const {
|
| + base::AutoLock locked(configs_lock_);
|
| + out->set_tag(kSCUP);
|
| + out->SetStringPiece(kSCFG, primary_config_->serialized);
|
| + out->SetStringPiece(kSourceAddressTokenTag,
|
| + NewSourceAddressToken(*primary_config_,
|
| + client_ip,
|
| + rand,
|
| + clock->WallNow()));
|
| +
|
| + if (proof_source_ == NULL) {
|
| + // Insecure QUIC, can send SCFG without proof.
|
| + return true;
|
| + }
|
| +
|
| + const vector<string>* certs;
|
| + string signature;
|
| + if (!proof_source_->GetProof(params.sni, primary_config_->serialized,
|
| + params.x509_ecdsa_supported, &certs,
|
| + &signature)) {
|
| + DVLOG(1) << "Server: failed to get proof.";
|
| + return false;
|
| + }
|
| +
|
| + const string compressed = CertCompressor::CompressChain(
|
| + *certs, params.client_common_set_hashes, params.client_cached_cert_hashes,
|
| + primary_config_->common_cert_sets);
|
| +
|
| + out->SetStringPiece(kCertificateTag, compressed);
|
| + out->SetStringPiece(kPROF, signature);
|
| + return true;
|
| +}
|
| +
|
| void QuicCryptoServerConfig::BuildRejection(
|
| const Config& config,
|
| const CryptoHandshakeMessage& client_hello,
|
| const ClientHelloInfo& info,
|
| QuicRandom* rand,
|
| + QuicCryptoNegotiatedParameters *params,
|
| CryptoHandshakeMessage* out) const {
|
| out->set_tag(kREJ);
|
| out->SetStringPiece(kSCFG, config.serialized);
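Review bot: BuildServerConfigUpdateMessage holds configs_lock_ for its whole body, including the proof_source_->GetProof() and CertCompressor::CompressChain() calls, whereas the ProcessClientHello context in the first hunk dereferences a local `primary_config` handle, which suggests callers normally drop the lock before the proof is computed. If GetProof produces a signature on every call, each update message now serializes against every other handshake touching the configs; consider copying the primary config handle under the lock and releasing it before GetProof and CompressChain (hedged, since the callers' lock discipline is outside this hunk). On the GetProof failure path `out` has already received kSCUP, kSCFG and a fresh source-address token, so the header comment should say `// Returns false, leaving |out| partially populated, if no proof could be obtained; the message must not be sent in that case.` The new BuildRejection parameter `QuicCryptoNegotiatedParameters *params` also puts the star on the name while the rest of this file writes `QuicRandom* rand`; `QuicCryptoNegotiatedParameters* params,` matches the file style.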
|
| @@ -1074,12 +1113,12 @@ void QuicCryptoServerConfig::BuildRejection(
|
| return;
|
| }
|
|
|
| - bool x509_supported = false, x509_ecdsa_supported = false;
|
| + bool x509_supported = false;
|
| for (size_t i = 0; i < num_their_proof_demands; i++) {
|
| switch (their_proof_demands[i]) {
|
| case kX509:
|
| x509_supported = true;
|
| - x509_ecdsa_supported = true;
|
| + params->x509_ecdsa_supported = true;
|
| break;
|
| case kX59R:
|
| x509_supported = true;
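Review bot: The removed local carried an explicit `x509_ecdsa_supported = false` initializer, but the new code only ever sets `params->x509_ecdsa_supported = true` in the kX509 case, so the field's value now depends on whatever `params` held before BuildRejection ran. If a QuicCryptoNegotiatedParameters instance can reach this function more than once (a second REJ on the same connection, or a reused parameters object), a stale true would make GetProof request an ECDSA proof the client did not offer; adding `params->x509_ecdsa_supported = false;` before the loop restores the previous semantics without relying on the struct's constructor. `params` is also dereferenced without a null check; if callers may pass NULL, a `DCHECK(params);` at the top of BuildRejection (whose start is outside this hunk) would document the contract.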
|
| @@ -1094,18 +1133,17 @@ void QuicCryptoServerConfig::BuildRejection(
|
| const vector<string>* certs;
|
| string signature;
|
| if (!proof_source_->GetProof(info.sni.as_string(), config.serialized,
|
| - x509_ecdsa_supported, &certs, &signature)) {
|
| + params->x509_ecdsa_supported, &certs,
|
| + &signature)) {
|
| return;
|
| }
|
|
|
| - StringPiece their_common_set_hashes;
|
| - StringPiece their_cached_cert_hashes;
|
| - client_hello.GetStringPiece(kCCS, &their_common_set_hashes);
|
| - client_hello.GetStringPiece(kCCRT, &their_cached_cert_hashes);
|
| + client_hello.GetStringPiece(kCCS, &(params->client_common_set_hashes));
|
| + client_hello.GetStringPiece(kCCRT, &(params->client_cached_cert_hashes));
|
|
|
| const string compressed = CertCompressor::CompressChain(
|
| - *certs, their_common_set_hashes, their_cached_cert_hashes,
|
| - config.common_cert_sets);
|
| + *certs, params->client_common_set_hashes,
|
| + params->client_cached_cert_hashes, config.common_cert_sets);
|
|
|
| // kREJOverheadBytes is a very rough estimate of how much of a REJ
|
| // message is taken up by things other than the certificates.
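Review bot: `client_hello.GetStringPiece(kCCS, &(params->client_common_set_hashes))` stores the tag value directly into `params`, and BuildServerConfigUpdateMessage (earlier in this diff) reads those same fields later to compress the certificate chain for the SCUP message. If the fields are StringPiece, as passing them to GetStringPiece suggests, they alias the client_hello buffer and will be dangling by the time the update message is built; copying into owned strings, e.g. `StringPiece common_set_hashes; if (client_hello.GetStringPiece(kCCS, &common_set_hashes)) params->client_common_set_hashes = common_set_hashes.as_string();` and the same for kCCRT, removes the lifetime dependency. The return values of both GetStringPiece calls are still ignored, so an absent tag leaves the fields holding whatever they contained before, which matters once `params` outlives a single call. BuildRejection continues past the end of this hunk.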
|
|
|