commit 0f1aa580d2152bd2019aa2436de7486ed7c0b1d3
author bnc <bnc@google.com> Thu Jan 21 06:32:04 2021 -0800
committer Copybara-Service <copybara-worker@google.com> Thu Jan 21 06:32:47 2021 -0800
tree 8eb373d6007656aba5ea6ffa1d398188ff1aab5b
parent 4049461bcef0a444e834259e8b5c6bb06bd6dd6a

Add TlsServerHandShaker::GetAcceptChValueForOrigin() to configure ACCEPT_CH value.

PiperOrigin-RevId: 353006220
Change-Id: I51f0bba58ca89fea27c6911e910eea9765e2c832

quic/core/tls_server_handshaker.cc

diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index 2b14657..ebaa0d8 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -512,6 +512,11 @@
   TlsHandshaker::SetWriteSecret(level, cipher, write_secret);
 }
 
+std::string TlsServerHandshaker::GetAcceptChValueForOrigin(
+    const std::string& /*origin*/) const {
+  return {};
+}
+
 void TlsServerHandshaker::FinishHandshake() {
   if (SSL_in_early_data(ssl())) {
     // If the server accepts early data, SSL_do_handshake returns success twice:

quic/core/tls_server_handshaker.h

diff --git a/quic/core/tls_server_handshaker.h b/quic/core/tls_server_handshaker.h
index 2a09b50..35c70be 100644
--- a/quic/core/tls_server_handshaker.h
+++ b/quic/core/tls_server_handshaker.h
@@ -80,6 +80,11 @@
                       const SSL_CIPHER* cipher,
                       const std::vector<uint8_t>& write_secret) override;
 
+  // Called with normalized SNI hostname as |origin|.  Return value will be sent
+  // in an ACCEPT_CH frame in the TLS ALPS extension, unless empty.
+  virtual std::string GetAcceptChValueForOrigin(
+      const std::string& origin) const;
+
  protected:
   // Creates a proof source handle for selecting cert and computing signature.
   // Only called when |use_proof_source_handle_| is true.