Handle 0-RTT in TlsClientHandshaker

TLS-in-QUIC 0-RTT change, protected by the disabled flag quic_enable_zero_rtt_for_tls

PiperOrigin-RevId: 312540775
Change-Id: I3d26ee14db86a7b81d0886f9951c41acb2d469b1
diff --git a/quic/core/crypto/quic_crypto_client_config.cc b/quic/core/crypto/quic_crypto_client_config.cc
index 7f8edc2..fd1d41c 100644
--- a/quic/core/crypto/quic_crypto_client_config.cc
+++ b/quic/core/crypto/quic_crypto_client_config.cc
@@ -67,7 +67,9 @@
     std::unique_ptr<SessionCache> session_cache)
     : proof_verifier_(std::move(proof_verifier)),
       session_cache_(std::move(session_cache)),
-      ssl_ctx_(TlsClientConnection::CreateSslCtx()) {
+      enable_zero_rtt_for_tls_(
+          GetQuicReloadableFlag(quic_enable_zero_rtt_for_tls)),
+      ssl_ctx_(TlsClientConnection::CreateSslCtx(enable_zero_rtt_for_tls_)) {
   DCHECK(proof_verifier_.get());
   SetDefaults();
 }
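Review bot: The initializer for `ssl_ctx_` now reads `enable_zero_rtt_for_tls_`, which is only correct because members are initialized in declaration order and the header hunk happens to declare the flag directly above `ssl_ctx_`; neither file states that dependency. If the members in quic_crypto_client_config.h were later reordered, `CreateSslCtx` would receive an indeterminate bool, and whether early data is enabled would no longer follow the flag. I would extend the member comment in the header to `// Latched value of reloadable flag quic_enable_zero_rtt_for_tls. Must be declared before |ssl_ctx_|, whose initializer reads it.` and consider declaring it `const bool`. The constructor's signature begins outside this hunk.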
diff --git a/quic/core/crypto/quic_crypto_client_config.h b/quic/core/crypto/quic_crypto_client_config.h
index e3867c8..9a87556 100644
--- a/quic/core/crypto/quic_crypto_client_config.h
+++ b/quic/core/crypto/quic_crypto_client_config.h
@@ -368,6 +368,8 @@
   void set_proof_source(std::unique_ptr<ProofSource> proof_source);
   SSL_CTX* ssl_ctx() const;
 
+  bool early_data_enabled_for_tls() const { return enable_zero_rtt_for_tls_; }
+
   // Initialize the CachedState from |canonical_crypto_config| for the
   // |canonical_server_id| as the initial CachedState for |server_id|. We will
   // copy config data only if |canonical_crypto_config| has valid proof.
@@ -450,6 +452,9 @@
   std::unique_ptr<ProofVerifier> proof_verifier_;
   std::unique_ptr<SessionCache> session_cache_;
   std::unique_ptr<ProofSource> proof_source_;
+
+  // Latched value of reloadable flag quic_enable_zero_rtt_for_tls
+  bool enable_zero_rtt_for_tls_;
   bssl::UniquePtr<SSL_CTX> ssl_ctx_;
 
   // The |user_agent_id_| passed in QUIC's CHLO message.
diff --git a/quic/core/crypto/tls_client_connection.cc b/quic/core/crypto/tls_client_connection.cc
index 7d11224..7908847 100644
--- a/quic/core/crypto/tls_client_connection.cc
+++ b/quic/core/crypto/tls_client_connection.cc
@@ -11,7 +11,8 @@
       delegate_(delegate) {}
 
 // static
-bssl::UniquePtr<SSL_CTX> TlsClientConnection::CreateSslCtx() {
+bssl::UniquePtr<SSL_CTX> TlsClientConnection::CreateSslCtx(
+    bool enable_early_data) {
   bssl::UniquePtr<SSL_CTX> ssl_ctx = TlsConnection::CreateSslCtx();
   // Configure certificate verification.
   SSL_CTX_set_custom_verify(ssl_ctx.get(), SSL_VERIFY_PEER, &VerifyCallback);
@@ -22,6 +23,8 @@
   SSL_CTX_set_session_cache_mode(
       ssl_ctx.get(), SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL);
   SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback);
+
+  SSL_CTX_set_early_data_enabled(ssl_ctx.get(), enable_early_data);
   return ssl_ctx;
 }
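Review bot: `SSL_CTX_set_early_data_enabled` is called with no comment on what enabling it implies: data a client sends in 0-RTT can be replayed by a network attacker, so it is only appropriate for requests that are safe to repeat. Nothing visible in this commit shows where that restriction is enforced, so the call should say who owns it, e.g. `// Early data is replayable; callers must only send replay-safe requests before the handshake completes.` It is also worth noting here that the setting is fixed for the lifetime of the SSL_CTX, because the flag is latched in the QuicCryptoClientConfig constructor and a later flag change does not reach existing configs. The function body begins in the previous hunk.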
 
diff --git a/quic/core/crypto/tls_client_connection.h b/quic/core/crypto/tls_client_connection.h
index 035f420..a7ef209 100644
--- a/quic/core/crypto/tls_client_connection.h
+++ b/quic/core/crypto/tls_client_connection.h
@@ -39,7 +39,7 @@
   TlsClientConnection(SSL_CTX* ssl_ctx, Delegate* delegate);
 
   // Creates and configures an SSL_CTX that is appropriate for clients to use.
-  static bssl::UniquePtr<SSL_CTX> CreateSslCtx();
+  static bssl::UniquePtr<SSL_CTX> CreateSslCtx(bool enable_early_data);
 
  private:
   // Registered as the callback for SSL_CTX_set_custom_verify. The
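Review bot: The comment above `CreateSslCtx` does not describe the new `enable_early_data` parameter, and a bare bool argument is hard to read at call sites. I would extend it with `// |enable_early_data| controls whether TLS 1.3 early data (0-RTT) is enabled on the returned context.` so a reader of the header knows the context's 0-RTT behaviour is decided at creation. The declaration sits inside a class whose body extends beyond this hunk.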