)]}' { "commit": "47a444f77c2a74d9b5a366ff53a14c2a0fac6e9f", "tree": "08e1b2f6a3e1d2bd980ef87520a8f284fc732a84", "parents": [ "bbe16c18d2fc0ea4bc261b20dbc28fe53e32bf13" ], "author": { "name": "QUICHE team", "email": "quiche-dev@google.com", "time": "Mon May 12 21:46:52 2025 -0700" }, "committer": { "name": "Copybara-Service", "email": "copybara-worker@google.com", "time": "Mon May 12 21:47:51 2025 -0700" }, "message": "Add QUIC client support for Trust Anchor IDs\n\nDesign doc: https://docs.google.com/document/d/1aO36iL4lLve7X13j3COPz4D7465m64x8Si8i8W3JDDk/edit?resourcekey\u003d0-x7c0yQk0k-MLysVvy4GI_g\u0026tab\u003dt.0#heading\u003dh.bat9awopsp53\n\nThis CL adds QUIC client support for https://tlswg.org/tls-trust-anchor-ids/draft-ietf-tls-trust-anchor-ids.html. It adds a field to QuicSSLConfig that can be optionally be populated with a list of Trust Anchor IDs. If set, this will be used to configure BoringSSL to send the Trust Anchor IDs extension.\n\nTo be able to test this, I added some rudimentary server support, namely adding a |trust_anchor_id| to ProofSource::Chain which, if non-empty, is configured alongside the server certificate using the SSL_CREDENTIAL API (see go/ssl-credential). Further work will be needed for true TAI server support, but this (along with a getter to check if the server indicated that the certificate matched the client\u0027s TAI list) is enough to test the client code.\n\nProtected by FLAGS_gfe2_reloadable_flag_enable_tls_trust_anchor_ids.\n\nPiperOrigin-RevId: 758041574\n", "tree_diff": [ { "type": "modify", "old_id": "bb8bf60de19c953dc7048d3c2c722c70de9929ba", "old_mode": 33261, "old_path": "quiche/common/quiche_feature_flags_list.h", "new_id": "424b2b9b7d234d54797a2727745d52076f7fc0d1", "new_mode": 33261, "new_path": "quiche/common/quiche_feature_flags_list.h" }, { "type": "modify", "old_id": "4114216a628819de2f7e81c836775384e80eecdd", "old_mode": 33188, "old_path": "quiche/quic/core/crypto/proof_source.cc", "new_id": "ff489c141ee18615822705bb8f36f86c4ff966a4", "new_mode": 33188, "new_path": "quiche/quic/core/crypto/proof_source.cc" }, { "type": "modify", "old_id": "3976bfb342e7e8a4d34128220d769ef0e116214e", "old_mode": 33188, "old_path": "quiche/quic/core/crypto/proof_source.h", "new_id": "21276ed3846a98c3d5b1ac0adad36d2c8328fa12", "new_mode": 33188, "new_path": "quiche/quic/core/crypto/proof_source.h" }, { "type": "modify", "old_id": "9bf6dcaaa76da7c4d021dedc84cdff9ded88740d", "old_mode": 33188, "old_path": "quiche/quic/core/crypto/tls_server_connection.cc", "new_id": "39e2f4aca0642ac47212edd900b0bae533beb087", "new_mode": 33188, "new_path": "quiche/quic/core/crypto/tls_server_connection.cc" }, { "type": "modify", "old_id": "9301f2cb19b7d22e8381cac0e27ce824760e6796", "old_mode": 33188, "old_path": "quiche/quic/core/crypto/tls_server_connection.h", "new_id": "dc8a0a5b0a24739ef37a37676c94fdb1f7645bd2", "new_mode": 33188, "new_path": "quiche/quic/core/crypto/tls_server_connection.h" }, { "type": "modify", "old_id": "8e9ef05597be09743f9edaac888a1f50d15165dc", "old_mode": 33188, "old_path": "quiche/quic/core/quic_crypto_client_handshaker.h", "new_id": "e4dc402a8db1983ed319b33add9c1fbb3b2b97e4", "new_mode": 33188, "new_path": "quiche/quic/core/quic_crypto_client_handshaker.h" }, { "type": "modify", "old_id": "aa11954ce2692540e396b5fbdf89bd244880f0bc", "old_mode": 33188, "old_path": "quiche/quic/core/quic_crypto_client_stream.cc", "new_id": "6b1abf718491911146481a499776120aea9bdbd3", "new_mode": 33188, "new_path": "quiche/quic/core/quic_crypto_client_stream.cc" }, { "type": "modify", "old_id": "71844aa2f8c4bbe22e183eef87fe4fbf0acb4936", "old_mode": 33188, "old_path": "quiche/quic/core/quic_crypto_client_stream.h", "new_id": "ca7a39e435baaaa1b5bf7ce7aedb078f6dacb5da", "new_mode": 33188, "new_path": "quiche/quic/core/quic_crypto_client_stream.h" }, { "type": "modify", "old_id": "f0649bd846b4beeda9f35acc835e58466aff4c43", "old_mode": 33188, "old_path": "quiche/quic/core/quic_types.h", "new_id": "836ee4f976be3850c3c87838d80fd4af102a14e6", "new_mode": 33188, "new_path": "quiche/quic/core/quic_types.h" }, { "type": "modify", "old_id": "4f18e593c2116ac8be45698843a31c9290bb7caf", "old_mode": 33188, "old_path": "quiche/quic/core/tls_client_handshaker.cc", "new_id": "6dc4ef9f2c4d9b7084e1df1a7dfa360aed040cde", "new_mode": 33188, "new_path": "quiche/quic/core/tls_client_handshaker.cc" }, { "type": "modify", "old_id": "0353ab1cee2c1e7191d1ef98cac9f6d22a7a70e1", "old_mode": 33188, "old_path": "quiche/quic/core/tls_client_handshaker.h", "new_id": "6aab27082570d333953d7a3054532509dbf76723", "new_mode": 33188, "new_path": "quiche/quic/core/tls_client_handshaker.h" }, { "type": "modify", "old_id": "00b373491f6ba2c01fa5b1b847e2fb5d2691f52d", "old_mode": 33188, "old_path": "quiche/quic/core/tls_client_handshaker_test.cc", "new_id": "675b994f1a65eddab28f90f2a4df1ee73dce112f", "new_mode": 33188, "new_path": "quiche/quic/core/tls_client_handshaker_test.cc" }, { "type": "modify", "old_id": "8e84d57aed0920943080f70578bb4caee7a386c4", "old_mode": 33188, "old_path": "quiche/quic/core/tls_server_handshaker.cc", "new_id": "f59f7bff044191c06d3be8a667277d2eb2fce921", "new_mode": 33188, "new_path": "quiche/quic/core/tls_server_handshaker.cc" }, { "type": "modify", "old_id": "f062ef2000626af39e8b32c1ff50d97a1811efbe", "old_mode": 33188, "old_path": "quiche/quic/test_tools/crypto_test_utils.cc", "new_id": "5b5d2cb34d664db4a905d025920853e78c821aba", "new_mode": 33188, "new_path": "quiche/quic/test_tools/crypto_test_utils.cc" }, { "type": "modify", "old_id": "373888525cd98e16d52435c5c6fc717edf4fdfb3", "old_mode": 33188, "old_path": "quiche/quic/test_tools/crypto_test_utils.h", "new_id": "79fc473fcdb5d543ce98b97f6c5b6892a77f0d18", "new_mode": 33188, "new_path": "quiche/quic/test_tools/crypto_test_utils.h" } ] }