Rename TlsServerConnection::SelectCertificate and TlsServerConnection::Delegate::SelectCertificate to TlsExtServernameCallback to reflect the fact that they will not be used to select a certificate when --quic_tls_use_early_select_cert is enabled. PiperOrigin-RevId: 348641220 Change-Id: I8ebdf39ad355ebcf22e11c1a9b88e6b6cf0673bc
diff --git a/quic/core/crypto/tls_server_connection.cc b/quic/core/crypto/tls_server_connection.cc
index 8315210..92b7a6d 100644
--- a/quic/core/crypto/tls_server_connection.cc
+++ b/quic/core/crypto/tls_server_connection.cc
@@ -22,7 +22,7 @@
   bssl::UniquePtr<SSL_CTX> ssl_ctx =
       TlsConnection::CreateSslCtx(SSL_VERIFY_NONE);
   SSL_CTX_set_tlsext_servername_callback(ssl_ctx.get(),
-                                         &SelectCertificateCallback);
+                                         &TlsExtServernameCallback);
   SSL_CTX_set_alpn_select_cb(ssl_ctx.get(), &SelectAlpnCallback, nullptr);
   // We don't actually need the TicketCrypter here, but we need to know
   // whether it's set.
@@ -72,10 +72,10 @@
 }
 
 // static
-int TlsServerConnection::SelectCertificateCallback(SSL* ssl,
-                                                   int* out_alert,
-                                                   void* /*arg*/) {
-  return ConnectionFromSsl(ssl)->delegate_->SelectCertificate(out_alert);
+int TlsServerConnection::TlsExtServernameCallback(SSL* ssl,
+                                                  int* out_alert,
+                                                  void* /*arg*/) {
+  return ConnectionFromSsl(ssl)->delegate_->TlsExtServernameCallback(out_alert);
 }
 
 // static
diff --git a/quic/core/crypto/tls_server_connection.h b/quic/core/crypto/tls_server_connection.h
index 50c6f7c..8aec345 100644
--- a/quic/core/crypto/tls_server_connection.h
+++ b/quic/core/crypto/tls_server_connection.h
@@ -27,15 +27,18 @@
   virtual ssl_select_cert_result_t EarlySelectCertCallback(
       const SSL_CLIENT_HELLO* client_hello) = 0;
 
-  // Configures the certificate to use on |ssl_| based on the SNI sent by the
-  // client. Returns an SSL_TLSEXT_ERR_* value (see
+  // Called after the ClientHello extensions have been successfully parsed.
+  // Returns an SSL_TLSEXT_ERR_* value (see
   // https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_CTX_set_tlsext_servername_callback).
   //
-  // If SelectCertificate returns SSL_TLSEXT_ERR_ALERT_FATAL, then it puts in
+  // On success, return SSL_TLSEXT_ERR_OK causes the server_name extension to
+  // be acknowledged in the ServerHello, or return SSL_TLSEXT_ERR_NOACK which
+  // causes it to be not acknowledged.
+  //
+  // If the function returns SSL_TLSEXT_ERR_ALERT_FATAL, then it puts in
   // |*out_alert| the TLS alert value that the server will send.
   //
-  // TODO(wub): Deprecate it after enabling --quic_tls_use_early_select_cert.
-  virtual int SelectCertificate(int* out_alert) = 0;
+  virtual int TlsExtServernameCallback(int* out_alert) = 0;
 
   // Selects which ALPN to use based on the list sent by the client.
   virtual int SelectAlpn(const uint8_t** out,
@@ -133,7 +136,7 @@
 
   // These functions are registered as callbacks in BoringSSL and delegate their
   // implementation to the matching methods in Delegate above.
-  static int SelectCertificateCallback(SSL* ssl, int* out_alert, void* arg);
+  static int TlsExtServernameCallback(SSL* ssl, int* out_alert, void* arg);
   static int SelectAlpnCallback(SSL* ssl,
                                 const uint8_t** out,
                                 uint8_t* out_len,
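Review bot: The rewritten Delegate comment in the first hunk reads awkwardly — `return SSL_TLSEXT_ERR_OK causes` / `or return SSL_TLSEXT_ERR_NOACK which causes` — and it no longer says what an implementation is expected to do when --quic_tls_use_early_select_cert is off, which the commit message implies is still SNI-based certificate selection. I would reword the two sentences as `// Returning SSL_TLSEXT_ERR_OK causes the server_name extension to be acknowledged in the ServerHello; returning SSL_TLSEXT_ERR_NOACK leaves it unacknowledged.` and add one line stating that, while --quic_tls_use_early_select_cert is disabled, this callback is still where the certificate for |ssl_| is configured from the SNI. That second point is inferred from the commit message rather than from lines visible here, so confirm it against TlsServerHandshaker before adding it.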
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index ad79bd9..c3b0ecb 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -639,7 +639,7 @@
   return true;
 }
 
-int TlsServerHandshaker::SelectCertificate(int* out_alert) {
+int TlsServerHandshaker::TlsExtServernameCallback(int* out_alert) {
   if (use_early_select_cert_) {
     return SSL_TLSEXT_ERR_OK;
   }
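Review bot: The early return in TlsServerHandshaker::TlsExtServernameCallback has no comment saying why SSL_TLSEXT_ERR_OK is the right result when use_early_select_cert_ is set; after the rename a reader has to go to the commit message to learn that the certificate was already chosen in EarlySelectCertCallback. Suggest `// The certificate was already selected in EarlySelectCertCallback; only acknowledge the server_name extension here.` above the return. The rest of the function body, presumably the legacy selection path used when the flag is off, is outside the hunk.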
diff --git a/quic/core/tls_server_handshaker.h b/quic/core/tls_server_handshaker.h
index 1c5eaa6..d333120 100644
--- a/quic/core/tls_server_handshaker.h
+++ b/quic/core/tls_server_handshaker.h
@@ -112,7 +112,7 @@
   // Used to select certificates and process transport parameters.
   ssl_select_cert_result_t EarlySelectCertCallback(
       const SSL_CLIENT_HELLO* client_hello) override;
-  int SelectCertificate(int* out_alert) override;
+  int TlsExtServernameCallback(int* out_alert) override;
   int SelectAlpn(const uint8_t** out,
                  uint8_t* out_len,
                  const uint8_t* in,