Google Git
Sign in
quiche/quiche.git/bb4f6ef64e324b48ad7e79a8476bc65ffa781d1e^!/.
commit
bb4f6ef64e324b48ad7e79a8476bc65ffa781d1e
[log] [tgz]
author
QUICHE team <quiche-dev@google.com>
Tue Feb 24 14:39:16 2026 -0800
committer
Copybara-Service <copybara-worker@google.com>
Tue Feb 24 14:39:56 2026 -0800
tree
8cfc6469a54ab305171167dfe357e89868633a15
parent
8aa2871c477aeb004c856c30208784f12a289679 [diff]
No public description

Startblock:
PiperOrigin-RevId: 874798072

diff --git a/quiche/quic/core/crypto/proof_source.h b/quiche/quic/core/crypto/proof_source.h
index 69c5c60..6391ae2 100644
--- a/quiche/quic/core/crypto/proof_source.h
+++ b/quiche/quic/core/crypto/proof_source.h

@@ -418,7 +418,8 @@
       std::optional<std::string> alps,
       const std::vector<uint8_t>& quic_transport_params,
       const std::optional<std::vector<uint8_t>>& early_data_context,
-      const QuicSSLConfig& ssl_config) = 0;
+      const QuicSSLConfig& ssl_config,
+      bool disable_alps_explicit_codepoint) = 0;
 
   // Starts a compute signature operation. If the operation is not cancelled
   // when it completes, callback()->OnComputeSignatureDone will be invoked.

diff --git a/quiche/quic/core/tls_server_handshaker.cc b/quiche/quic/core/tls_server_handshaker.cc
index 1024b2f..3336648 100644
--- a/quiche/quic/core/tls_server_handshaker.cc
+++ b/quiche/quic/core/tls_server_handshaker.cc

@@ -107,7 +107,8 @@
     std::optional<std::string> /*alps*/,
     const std::vector<uint8_t>& /*quic_transport_params*/,
     const std::optional<std::vector<uint8_t>>& /*early_data_context*/,
-    const QuicSSLConfig& /*ssl_config*/) {
+    const QuicSSLConfig& /*ssl_config*/,
+    bool /*disable_alps_explicit_codepoint*/) {
   if (!handshaker_ || !proof_source_) {
     QUIC_BUG(quic_bug_10341_1)
         << "SelectCertificate called on a detached handle";
@@ -1084,7 +1085,7 @@
       AlpnForVersion(session()->version()), std::move(alps_result.alps_buffer),
       set_transport_params_result.quic_transport_params,
       set_transport_params_result.early_data_context,
-      tls_connection_.ssl_config());
+      tls_connection_.ssl_config(), /*disable_alps_explicit_codepoint=*/false);
 
   QUICHE_DCHECK_EQ(status, *select_cert_status());
 

diff --git a/quiche/quic/core/tls_server_handshaker.h b/quiche/quic/core/tls_server_handshaker.h
index 8ad747d..dccf620 100644
--- a/quiche/quic/core/tls_server_handshaker.h
+++ b/quiche/quic/core/tls_server_handshaker.h

@@ -275,7 +275,8 @@
         std::optional<std::string> alps,
         const std::vector<uint8_t>& quic_transport_params,
         const std::optional<std::vector<uint8_t>>& early_data_context,
-        const QuicSSLConfig& ssl_config) override;
+        const QuicSSLConfig& ssl_config,
+        bool disable_alps_explicit_codepoint) override;
 
     // Delegates to proof_source_->ComputeTlsSignature.
     // Returns QUIC_SUCCESS, QUIC_FAILURE or QUIC_PENDING.

diff --git a/quiche/quic/test_tools/fake_proof_source_handle.cc b/quiche/quic/test_tools/fake_proof_source_handle.cc
index 0d99eaf..fc33158 100644
--- a/quiche/quic/test_tools/fake_proof_source_handle.cc
+++ b/quiche/quic/test_tools/fake_proof_source_handle.cc

@@ -95,14 +95,14 @@
     std::optional<std::string> alps,
     const std::vector<uint8_t>& quic_transport_params,
     const std::optional<std::vector<uint8_t>>& early_data_context,
-    const QuicSSLConfig& ssl_config) {
+    const QuicSSLConfig& ssl_config, bool disable_alps_explicit_codepoint) {
   if (select_cert_action_ != Action::FAIL_SYNC_DO_NOT_CHECK_CLOSED) {
     QUICHE_CHECK(!closed_);
   }
-  all_select_cert_args_.push_back(
-      SelectCertArgs(server_address, client_address, original_connection_id,
-                     ssl_capabilities, hostname, alpn, alps,
-                     quic_transport_params, early_data_context, ssl_config));
+  all_select_cert_args_.push_back(SelectCertArgs(
+      server_address, client_address, original_connection_id, ssl_capabilities,
+      hostname, alpn, alps, quic_transport_params, early_data_context,
+      ssl_config, disable_alps_explicit_codepoint));
 
   if (select_cert_action_ == Action::DELEGATE_ASYNC ||
       select_cert_action_ == Action::FAIL_ASYNC) {

diff --git a/quiche/quic/test_tools/fake_proof_source_handle.h b/quiche/quic/test_tools/fake_proof_source_handle.h
index b9903ad..3347482 100644
--- a/quiche/quic/test_tools/fake_proof_source_handle.h
+++ b/quiche/quic/test_tools/fake_proof_source_handle.h

@@ -62,7 +62,8 @@
       std::optional<std::string> alps,
       const std::vector<uint8_t>& quic_transport_params,
       const std::optional<std::vector<uint8_t>>& early_data_context,
-      const QuicSSLConfig& ssl_config) override;
+      const QuicSSLConfig& ssl_config,
+      bool disable_alps_explicit_codepoint) override;
 
   QuicAsyncStatus ComputeSignature(const QuicSocketAddress& server_address,
                                    const QuicSocketAddress& client_address,
@@ -85,7 +86,8 @@
                    std::string alpn, std::optional<std::string> alps,
                    std::vector<uint8_t> quic_transport_params,
                    std::optional<std::vector<uint8_t>> early_data_context,
-                   QuicSSLConfig ssl_config)
+                   QuicSSLConfig ssl_config,
+                   bool disable_alps_explicit_codepoint)
         : server_address(server_address),
           client_address(client_address),
           original_connection_id(original_connection_id),
@@ -95,7 +97,8 @@
           alps(alps),
           quic_transport_params(quic_transport_params),
           early_data_context(early_data_context),
-          ssl_config(ssl_config) {}
+          ssl_config(ssl_config),
+          disable_alps_explicit_codepoint(disable_alps_explicit_codepoint) {}
 
     QuicSocketAddress server_address;
     QuicSocketAddress client_address;
@@ -107,6 +110,7 @@
     std::vector<uint8_t> quic_transport_params;
     std::optional<std::vector<uint8_t>> early_data_context;
     QuicSSLConfig ssl_config;
+    bool disable_alps_explicit_codepoint;
   };
 
   struct ComputeSignatureArgs {