Refactor TlsHandshaker classes

QuicCryptoClientConfig and QuicCryptoServerConfig each own an SSL_CTX,
which is currently created by TlsHandshaker. Those crypto config classes
can't take a dependency on TlsHandshaker (because TlsHandshaker already
depends on them, so a dependency in the other direction would be circular), resulting in the SSL_CTX
being passed into the crypto config constructors. The SSL_CTX shouldn't be
exposed like this, as it's essentially an implementation detail of the
crypto handshake.

This CL splits TlsHandshaker in two. TlsConnection (and its subclasses) are
in quic/core/crypto, and handle the callbacks from BoringSSL. In turn, it
passes the implementation of those callbacks to a delegate. TlsHandshaker
implements this delegate and owns the TlsConnection.

gfe-relnote: refactor TLS handshake classes in QUIC; not flag protected
PiperOrigin-RevId: 253140899
Change-Id: Ie907a7f61798c29a385be15ea0f53403b86508ab
diff --git a/quic/core/tls_client_handshaker.h b/quic/core/tls_client_handshaker.h
index 3647e10..d3e1e0c 100644
--- a/quic/core/tls_client_handshaker.h
+++ b/quic/core/tls_client_handshaker.h
@@ -9,6 +9,7 @@
 
 #include "third_party/boringssl/src/include/openssl/ssl.h"
 #include "net/third_party/quiche/src/quic/core/crypto/proof_verifier.h"
+#include "net/third_party/quiche/src/quic/core/crypto/tls_client_connection.h"
 #include "net/third_party/quiche/src/quic/core/quic_crypto_client_stream.h"
 #include "net/third_party/quiche/src/quic/core/quic_crypto_stream.h"
 #include "net/third_party/quiche/src/quic/core/tls_handshaker.h"
@@ -19,8 +20,9 @@
 // An implementation of QuicCryptoClientStream::HandshakerDelegate which uses
 // TLS 1.3 for the crypto handshake protocol.
 class QUIC_EXPORT_PRIVATE TlsClientHandshaker
-    : public QuicCryptoClientStream::HandshakerDelegate,
-      public TlsHandshaker {
+    : public TlsHandshaker,
+      public QuicCryptoClientStream::HandshakerDelegate,
+      public TlsClientConnection::Delegate {
  public:
   TlsClientHandshaker(QuicCryptoStream* stream,
                       QuicSession* session,
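Review bot: The class comment at the top of the hunk still describes TlsClientHandshaker only as an implementation of QuicCryptoClientStream::HandshakerDelegate, while the new base list also makes it the TlsClientConnection::Delegate that receives the BoringSSL callbacks formerly routed through the static VerifyCallback/HandshakerFromSsl pair. I would extend it: `// It also implements TlsClientConnection::Delegate, receiving the BoringSSL certificate-verification callback from the TlsClientConnection it owns.` Moving TlsHandshaker to the front of the base list changes base-constructor order and object layout; if that order is relied on (e.g. so `this` converts to TlsConnection::Delegate* through TlsHandshaker), a one-line comment saying so would stop a future reordering from breaking it. The constructor declaration continues past the end of the hunk.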
@@ -51,6 +53,17 @@
       const override;
   CryptoMessageParser* crypto_message_parser() override;
 
+ protected:
+  TlsConnection* tls_connection() { return &tls_connection_; }
+
+  void AdvanceHandshake() override;
+  void CloseConnection(QuicErrorCode error,
+                       const std::string& reason_phrase) override;
+
+  // TlsClientConnection::Delegate implementation:
+  enum ssl_verify_result_t VerifyCert(uint8_t* out_alert) override;
+  TlsConnection::Delegate* ConnectionDelegate() override { return this; }
+
  private:
   // ProofVerifierCallbackImpl handles the result of an asynchronous certificate
   // verification operation.
@@ -83,21 +96,6 @@
   bool ProcessTransportParameters(std::string* error_details);
   void FinishHandshake();
 
-  void AdvanceHandshake() override;
-  void CloseConnection(QuicErrorCode error,
-                       const std::string& reason_phrase) override;
-
-  // Certificate verification functions:
-
-  enum ssl_verify_result_t VerifyCert(uint8_t* out_alert);
-  // Static method to supply to SSL_set_custom_verify.
-  static enum ssl_verify_result_t VerifyCallback(SSL* ssl, uint8_t* out_alert);
-
-  // Takes an SSL* |ssl| and returns a pointer to the TlsClientHandshaker that
-  // it belongs to. This is a specialization of
-  // TlsHandshaker::HandshakerFromSsl.
-  static TlsClientHandshaker* HandshakerFromSsl(SSL* ssl);
-
   QuicServerId server_id_;
 
   // Objects used for verifying the server's certificate chain.
@@ -119,6 +117,8 @@
   bool handshake_confirmed_ = false;
   QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters>
       crypto_negotiated_params_;
+
+  TlsClientConnection tls_connection_;
 };
 
 }  // namespace quic
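Review bot: `TlsClientConnection tls_connection_;` is added without a comment, and its position matters: declared last, it is constructed after and destroyed before every other member, which is the order you want if its BoringSSL callbacks reach back into this object through the delegate. I would record that intent so a later reordering does not silently break it: `// Drives the BoringSSL handshake and dispatches its callbacks to this object. Keep this member last so it is destroyed first, before the state those callbacks may read.` The constructor that initializes it is outside the hunk, so whether it receives the SSL_CTX from the crypto config as the description says cannot be confirmed here.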