Add TlsServerHandshaker::GetAcceptChValueForOrigin() to configure the ACCEPT_CH value.
PiperOrigin-RevId: 353006220
Change-Id: I51f0bba58ca89fea27c6911e910eea9765e2c832
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index 2b14657..ebaa0d8 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -512,6 +512,11 @@
TlsHandshaker::SetWriteSecret(level, cipher, write_secret);
}
+std::string TlsServerHandshaker::GetAcceptChValueForOrigin(
+ const std::string& /*origin*/) const {
+ return {};
+}
+
void TlsServerHandshaker::FinishHandshake() {
if (SSL_in_early_data(ssl())) {
// If the server accepts early data, SSL_do_handshake returns success twice:
diff --git a/quic/core/tls_server_handshaker.h b/quic/core/tls_server_handshaker.h
index 2a09b50..35c70be 100644
--- a/quic/core/tls_server_handshaker.h
+++ b/quic/core/tls_server_handshaker.h
@@ -80,6 +80,11 @@
const SSL_CIPHER* cipher,
const std::vector<uint8_t>& write_secret) override;
+ // Called with normalized SNI hostname as |origin|. Return value will be sent
+ // in an ACCEPT_CH frame in the TLS ALPS extension, unless empty.
+ virtual std::string GetAcceptChValueForOrigin(
+ const std::string& origin) const;
+
protected:
// Creates a proof source handle for selecting cert and computing signature.
// Only called when |use_proof_source_handle_| is true.
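Review bot: The comment on `GetAcceptChValueForOrigin()` does not tell overriders that |origin| comes from the SNI the client sent, so it is peer-controlled even after normalization. Since the return value is put on the wire in the ALPS extension, I would add `// |origin| is taken from the client's SNI and is untrusted: match it against configured hosts and never copy it into the returned value.` The comment also leaves open what is passed when the client sends no SNI, and what encoding the returned string must have (a serialized ACCEPT_CH frame payload or only the header value). The caller is not part of this diff, so both points should be confirmed there and stated here. The class body starts and ends outside the hunk.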