gfe-relnote: add client address into Quic proof source/verifier interface. No behavior change as the client address remains unused in GFE. Not protected.
This is needed for Envoy, as the client address is needed to retrieve certs in Envoy.
PiperOrigin-RevId: 309485174
Change-Id: I3962c648bf33e853205541689f6e14a0fec7fe2b
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index 249973c..baecf70 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -378,7 +378,8 @@
quiche::QuicheStringPiece in) {
signature_callback_ = new SignatureCallback(this);
proof_source_->ComputeTlsSignature(
- session()->connection()->self_address(), hostname_, sig_alg, in,
+ session()->connection()->self_address(),
+ session()->connection()->peer_address(), hostname_, sig_alg, in,
std::unique_ptr<SignatureCallback>(signature_callback_));
if (state_ == STATE_SIGNATURE_COMPLETE) {
return PrivateKeyComplete(out, out_len, max_out);
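Review bot: The new `session()->connection()->peer_address()` argument to `ComputeTlsSignature` is whatever source address the connection currently reports, and nothing visible in this hunk shows it has passed address validation when the signature is requested, so a ProofSource that keys certificate or private-key selection on it is deciding on client-controlled input. I would state that at the call site, e.g. `// peer_address() may not be address-validated yet; ProofSource implementations should treat it as a selection hint, not as client identity.` The same accessor is read again separately for `GetCertChain` in the second hunk (`@@ -480,6 +481,7 @@`). If the reported address can change between those two calls, the chain and the signing key could be selected for different addresses; capturing it once per handshake and passing the stored copy to both calls would rule that out. The enclosing function starts and ends outside the hunk.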
@@ -480,6 +481,7 @@
QuicReferenceCountedPointer<ProofSource::Chain> chain =
proof_source_->GetCertChain(session()->connection()->self_address(),
+ session()->connection()->peer_address(),
hostname_);
if (chain->certs.empty()) {
QUIC_LOG(ERROR) << "No certs provided for host '" << hostname_ << "'";