Google Git
Sign in
quiche/quiche.git/d825ed231325b00d09e51adbd01fefadabeb76e0^!/.
commit
d825ed231325b00d09e51adbd01fefadabeb76e0
[log]
author
davidben <davidben@google.com>
Thu Aug 21 09:05:58 2025 -0700
committer
Copybara-Service <copybara-worker@google.com>
Thu Aug 21 09:06:42 2025 -0700
tree
a28f5f42b17bbb636dce5014a49193f5bc52e704
parent
56eaa1e736c3506dab2a98e99c43e25e5ecf71bb [diff]
Remove stale BORINGSSL_API_VERSION ifdefs

The current oldest supported BoringSSL version in QUICHE has a `BORINGSSL_API_VERSION` of 36.

Remove all the old ifdefs so that pre-`SSL_CREDENTIAL` BoringSSLs do not burden further work on the library, including work needed for the post-quantum transition. Carrying them around also gave a mistaken impression that we support or test these alternate codepaths.

PiperOrigin-RevId: 797788302

diff --git a/quiche/quic/core/crypto/tls_server_connection.cc b/quiche/quic/core/crypto/tls_server_connection.cc
index bedfa30..06c5825 100644
--- a/quiche/quic/core/crypto/tls_server_connection.cc
+++ b/quiche/quic/core/crypto/tls_server_connection.cc

@@ -76,7 +76,6 @@
 void TlsServerConnection::SetCertChain(
     const std::vector<CRYPTO_BUFFER*>& cert_chain,
     const std::string& trust_anchor_id) {
-#if defined(BORINGSSL_API_VERSION) && BORINGSSL_API_VERSION >= 36
   if (GetQuicReloadableFlag(enable_tls_trust_anchor_ids)) {
     QUIC_RELOADABLE_FLAG_COUNT_N(enable_tls_trust_anchor_ids, 1, 2);
     bssl::UniquePtr<SSL_CREDENTIAL> credential(SSL_CREDENTIAL_new_x509());
@@ -97,10 +96,6 @@
       SSL_CREDENTIAL_set_must_match_issuer(credential.get(), 1);
     }
     SSL_add1_credential(ssl(), credential.get());
-#else
-  (void)trust_anchor_id;  // Suppress unused parameter error.
-  if (false) {
-#endif
   } else {
     SSL_set_chain_and_key(ssl(), cert_chain.data(), cert_chain.size(), nullptr,
                           &TlsServerConnection::kPrivateKeyMethod);

diff --git a/quiche/quic/core/tls_client_handshaker.cc b/quiche/quic/core/tls_client_handshaker.cc
index 00f56ed..7b5bf97 100644
--- a/quiche/quic/core/tls_client_handshaker.cc
+++ b/quiche/quic/core/tls_client_handshaker.cc

@@ -89,10 +89,8 @@
 
   // TODO(b/193650832) Add SetFromConfig to QUIC handshakers and remove reliance
   // on session pointer.
-#if BORINGSSL_API_VERSION >= 16
   // Ask BoringSSL to randomize the order of TLS extensions.
   SSL_set_permute_extensions(ssl(), true);
-#endif  // BORINGSSL_API_VERSION
 
   // Set the SNI to send, if any.
   SSL_set_connect_state(ssl());
@@ -156,7 +154,6 @@
   // if set.
   if (GetQuicReloadableFlag(enable_tls_trust_anchor_ids)) {
     QUIC_RELOADABLE_FLAG_COUNT_N(enable_tls_trust_anchor_ids, 2, 2);
-#if defined(BORINGSSL_API_VERSION) && BORINGSSL_API_VERSION >= 36
     if (tls_connection_.ssl_config().trust_anchor_ids.has_value()) {
       if (!SSL_set1_requested_trust_anchors(
               ssl(),
@@ -168,7 +165,6 @@
         return false;
       }
     }
-#endif
   }
 
   // Start the handshake.
@@ -527,9 +523,7 @@
     const std::vector<std::string>& certs, std::string* error_details,
     std::unique_ptr<ProofVerifyDetails>* details, uint8_t* out_alert,
     std::unique_ptr<ProofVerifierCallback> callback) {
-#if defined(BORINGSSL_API_VERSION) && BORINGSSL_API_VERSION >= 36
   matched_trust_anchor_id_ = SSL_peer_matched_trust_anchor(ssl());
-#endif
 
   const uint8_t* ocsp_response_raw;
   size_t ocsp_response_len;

diff --git a/quiche/quic/core/tls_client_handshaker_test.cc b/quiche/quic/core/tls_client_handshaker_test.cc
index 58d26a0..79864f0 100644
--- a/quiche/quic/core/tls_client_handshaker_test.cc
+++ b/quiche/quic/core/tls_client_handshaker_test.cc

@@ -366,7 +366,6 @@
   EXPECT_TRUE(stream()->one_rtt_keys_available());
 }
 
-#if defined(BORINGSSL_API_VERSION) && BORINGSSL_API_VERSION >= 36
 TEST_P(TlsClientHandshakerTest, HandshakeWithTrustAnchorIds) {
   SetQuicReloadableFlag(enable_tls_trust_anchor_ids, true);
   const std::string kTestTrustAnchorId = {0x03, 0x01, 0x02, 0x03};
@@ -435,7 +434,6 @@
   ASSERT_TRUE(stream()->encryption_established());
   EXPECT_TRUE(callback_ran);
 }
-#endif
 
 TEST_P(TlsClientHandshakerTest, Resumption) {
   // Disable 0-RTT on the server so that we're only testing 1-RTT resumption:

diff --git a/quiche/quic/core/tls_server_handshaker.cc b/quiche/quic/core/tls_server_handshaker.cc
index 19558c5..1bcc00c 100644
--- a/quiche/quic/core/tls_server_handshaker.cc
+++ b/quiche/quic/core/tls_server_handshaker.cc

@@ -943,7 +943,6 @@
 
     int use_alps_new_codepoint = 0;
 
-#if BORINGSSL_API_VERSION >= 27
     alps_new_codepoint_received_ = SSL_early_callback_ctx_extension_get(
         client_hello, TLSEXT_TYPE_application_settings, &unused_extension_bytes,
         &unused_extension_len);
@@ -954,7 +953,6 @@
     }
     QUIC_DLOG(INFO) << "ALPS use new codepoint: " << use_alps_new_codepoint;
     SSL_set_alps_use_new_codepoint(ssl(), use_alps_new_codepoint);
-#endif  // BORINGSSL_API_VERSION
 
     if (use_alps_new_codepoint == 0) {
       QUIC_CODE_COUNT(quic_gfe_alps_use_old_codepoint);