Rename TlsServerConnection::SelectCertificate and TlsServerConnection::Delegate::SelectCertificate to TlsExtServernameCallback to reflect the fact that they will not be used to select a certificate when --quic_tls_use_early_select_cert is enabled.
PiperOrigin-RevId: 348641220
Change-Id: I8ebdf39ad355ebcf22e11c1a9b88e6b6cf0673bc
diff --git a/quic/core/crypto/tls_server_connection.cc b/quic/core/crypto/tls_server_connection.cc
index 8315210..92b7a6d 100644
--- a/quic/core/crypto/tls_server_connection.cc
+++ b/quic/core/crypto/tls_server_connection.cc
@@ -22,7 +22,7 @@
bssl::UniquePtr<SSL_CTX> ssl_ctx =
TlsConnection::CreateSslCtx(SSL_VERIFY_NONE);
SSL_CTX_set_tlsext_servername_callback(ssl_ctx.get(),
- &SelectCertificateCallback);
+ &TlsExtServernameCallback);
SSL_CTX_set_alpn_select_cb(ssl_ctx.get(), &SelectAlpnCallback, nullptr);
// We don't actually need the TicketCrypter here, but we need to know
// whether it's set.
@@ -72,10 +72,10 @@
}
// static
-int TlsServerConnection::SelectCertificateCallback(SSL* ssl,
- int* out_alert,
- void* /*arg*/) {
- return ConnectionFromSsl(ssl)->delegate_->SelectCertificate(out_alert);
+int TlsServerConnection::TlsExtServernameCallback(SSL* ssl,
+ int* out_alert,
+ void* /*arg*/) {
+ return ConnectionFromSsl(ssl)->delegate_->TlsExtServernameCallback(out_alert);
}
// static
diff --git a/quic/core/crypto/tls_server_connection.h b/quic/core/crypto/tls_server_connection.h
index 50c6f7c..8aec345 100644
--- a/quic/core/crypto/tls_server_connection.h
+++ b/quic/core/crypto/tls_server_connection.h
@@ -27,15 +27,18 @@
virtual ssl_select_cert_result_t EarlySelectCertCallback(
const SSL_CLIENT_HELLO* client_hello) = 0;
- // Configures the certificate to use on |ssl_| based on the SNI sent by the
- // client. Returns an SSL_TLSEXT_ERR_* value (see
+ // Called after the ClientHello extensions have been successfully parsed.
+ // Returns an SSL_TLSEXT_ERR_* value (see
// https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_CTX_set_tlsext_servername_callback).
//
- // If SelectCertificate returns SSL_TLSEXT_ERR_ALERT_FATAL, then it puts in
+ // On success, return SSL_TLSEXT_ERR_OK causes the server_name extension to
+ // be acknowledged in the ServerHello, or return SSL_TLSEXT_ERR_NOACK which
+ // causes it to be not acknowledged.
+ //
+ // If the function returns SSL_TLSEXT_ERR_ALERT_FATAL, then it puts in
// |*out_alert| the TLS alert value that the server will send.
//
- // TODO(wub): Deprecate it after enabling --quic_tls_use_early_select_cert.
- virtual int SelectCertificate(int* out_alert) = 0;
+ virtual int TlsExtServernameCallback(int* out_alert) = 0;
// Selects which ALPN to use based on the list sent by the client.
virtual int SelectAlpn(const uint8_t** out,
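Review bot: The new doc comment on the Delegate method reads awkwardly in the added sentence "On success, return SSL_TLSEXT_ERR_OK causes the server_name extension to be acknowledged in the ServerHello, or return SSL_TLSEXT_ERR_NOACK which causes it to be not acknowledged." and should be rephrased, e.g. `// On success, returning SSL_TLSEXT_ERR_OK causes the server_name extension to` / `// be acknowledged in the ServerHello; returning SSL_TLSEXT_ERR_NOACK causes it` / `// not to be acknowledged.`. The rewritten comment also drops the old statement that this callback configures the certificate from the SNI, yet the TlsServerHandshaker override in this commit still falls through past the `use_early_select_cert_` early return to a body outside the visible hunk, which presumably still does that work when the flag is off; a sentence such as "When --quic_tls_use_early_select_cert is disabled, implementations may still use this callback to select the certificate based on the SNI" would keep the contract explicit for implementers. The same wording applies to the comment in tls_server_handshaker.h if it is mirrored there.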
@@ -133,7 +136,7 @@
// These functions are registered as callbacks in BoringSSL and delegate their
// implementation to the matching methods in Delegate above.
- static int SelectCertificateCallback(SSL* ssl, int* out_alert, void* arg);
+ static int TlsExtServernameCallback(SSL* ssl, int* out_alert, void* arg);
static int SelectAlpnCallback(SSL* ssl,
const uint8_t** out,
uint8_t* out_len,
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index ad79bd9..c3b0ecb 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -639,7 +639,7 @@
return true;
}
-int TlsServerHandshaker::SelectCertificate(int* out_alert) {
+int TlsServerHandshaker::TlsExtServernameCallback(int* out_alert) {
if (use_early_select_cert_) {
return SSL_TLSEXT_ERR_OK;
}
diff --git a/quic/core/tls_server_handshaker.h b/quic/core/tls_server_handshaker.h
index 1c5eaa6..d333120 100644
--- a/quic/core/tls_server_handshaker.h
+++ b/quic/core/tls_server_handshaker.h
@@ -112,7 +112,7 @@
// Used to select certificates and process transport parameters.
ssl_select_cert_result_t EarlySelectCertCallback(
const SSL_CLIENT_HELLO* client_hello) override;
- int SelectCertificate(int* out_alert) override;
+ int TlsExtServernameCallback(int* out_alert) override;
int SelectAlpn(const uint8_t** out,
uint8_t* out_len,
const uint8_t* in,