commit a6a85a8059f31263fdae813e5d47e304cf293cad
author fayang <fayang@google.com> Mon May 04 08:58:53 2020 -0700
committer Copybara-Service <copybara-worker@google.com> Mon May 04 08:59:37 2020 -0700
tree 91c71df34d34d989ce637080d6b786d6fded0fed
parent 9a31bd55ff106cbe33c9d93861aa80855a04aefa

gfe-relnote: In QUIC with TLS, do not proceed in SetWriteSecret if connection has been closed. Protected by gfe2_reloadable_flag_quic_notify_handshaker_on_connection_close.

PiperOrigin-RevId: 309753183
Change-Id: I829b92d82ca84f85ab60aa09940a3b205641a34b

quic/core/tls_server_handshaker.cc

diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index baecf70..890abae 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -162,6 +162,11 @@
   return false;
 }
 
+void TlsServerHandshaker::OnConnectionClosed(QuicErrorCode /*error*/,
+                                             ConnectionCloseSource /*source*/) {
+  state_ = STATE_CONNECTION_CLOSED;
+}
+
 bool TlsServerHandshaker::encryption_established() const {
   return encryption_established_;
 }
@@ -326,6 +331,10 @@
     EncryptionLevel level,
     const SSL_CIPHER* cipher,
     const std::vector<uint8_t>& write_secret) {
+  if (GetQuicReloadableFlag(quic_notify_handshaker_on_connection_close) &&
+      state_ == STATE_CONNECTION_CLOSED) {
+    return;
+  }
   if (level == ENCRYPTION_FORWARD_SECURE) {
     encryption_established_ = true;
     // Fill crypto_negotiated_params_: