|  | // Copyright (c) 2019 The Chromium Authors. All rights reserved. | 
|  | // Use of this source code is governed by a BSD-style license that can be | 
|  | // found in the LICENSE file. | 
|  |  | 
|  | #include "net/third_party/quiche/src/quic/core/crypto/tls_client_connection.h" | 
|  |  | 
|  | namespace quic { | 
|  |  | 
// Constructs the client side of a TLS connection on top of |ssl_ctx|.
//
// |delegate| is dereferenced right here in the initializer list (to obtain
// the base-class delegate via ConnectionDelegate()), so it must be non-null
// at construction time. The same pointer is then stored in |delegate_| and is
// what VerifyCallback() later uses to reach VerifyCert().
// NOTE(review): the raw pointer is stored without any visible ownership
// transfer; presumably the delegate must outlive this connection. Confirm
// against the header and the callers.
TlsClientConnection::TlsClientConnection(SSL_CTX* ssl_ctx, Delegate* delegate)
    : TlsConnection(ssl_ctx, delegate->ConnectionDelegate()),
      delegate_(delegate) {}
|  |  | 
// static
//
// Returns the SSL_CTX produced by TlsConnection::CreateSslCtx() with
// client-side certificate verification configured on it.
//
// Verification is installed with SSL_VERIFY_PEER and routed through
// VerifyCallback(), which forwards to Delegate::VerifyCert(). The verdict
// returned by that delegate is therefore what this code relies on to accept
// or reject the peer certificate.
//
// VerifyCallback() downcasts the connection attached to the SSL object to
// TlsClientConnection, so a context created here should only back SSL objects
// that belong to TlsClientConnection instances.
bssl::UniquePtr<SSL_CTX> TlsClientConnection::CreateSslCtx() {
  bssl::UniquePtr<SSL_CTX> client_ctx = TlsConnection::CreateSslCtx();

  // TODO(nharper): This only verifies certs on initial connection, not on
  // resumption. Chromium has this callback be a no-op and verifies the
  // certificate after the connection is complete. We need to re-verify on
  // resumption in case of expiration or revocation/distrust.
  SSL_CTX* const raw_ctx = client_ctx.get();
  SSL_CTX_set_custom_verify(raw_ctx, SSL_VERIFY_PEER,
                            &TlsClientConnection::VerifyCallback);

  return client_ctx;
}
|  |  | 
// static
//
// Certificate-verification trampoline registered in CreateSslCtx(). Looks up
// the connection associated with |ssl|, and hands the decision to that
// connection's delegate via VerifyCert(). |out_alert| is passed through
// untouched so the delegate can choose the alert to send on failure.
//
// The static_cast is an unchecked downcast: it is only valid if the
// connection attached to |ssl| really is a TlsClientConnection.
// NOTE(review): neither the looked-up connection nor |delegate_| is checked
// for null before use; a null here would crash mid-handshake rather than fail
// the verification. Confirm both are guaranteed non-null for every SSL object
// created from this context.
enum ssl_verify_result_t TlsClientConnection::VerifyCallback(
    SSL* ssl,
    uint8_t* out_alert) {
  auto* client_connection =
      static_cast<TlsClientConnection*>(ConnectionFromSsl(ssl));
  return client_connection->delegate_->VerifyCert(out_alert);
}
|  |  | 
|  | }  // namespace quic |