)]}'
{
  "commit": "f03456ceb0db4f11696f304325e55fddc9567797",
  "tree": "0da910bd7edeedbf3255a41c622485fc42ca12d2",
  "parents": [
    "b23daa7bf1f6e704b6699703348015bcf76b03e2"
  ],
  "author": {
    "name": "QUICHE team",
    "email": "quiche-dev@google.com",
    "time": "Thu Mar 21 08:54:47 2019 -0700"
  },
  "committer": {
    "name": "Copybara-Service",
    "email": "copybara-worker@google.com",
    "time": "Thu Mar 21 08:55:11 2019 -0700"
  },
  "message": "Teach QUIC about the concept of \"fallback\" key exchange\n\nIn the Leto world, GFE\u0027s QUIC stack will be configured with a bunch of ServerConfigs whose private keys live remotely, on the Leto server.  Each GFE will also generate a ServerConfig with a local keypair, to which it will fall back in a Leto outage.\n\nThe QUIC stack will need to be able to distinguish the fallback ServerConfig from the others.  This CL takes a step in that direction, by adding an \u0027is_fallback\u0027 argument to KeyExchangeSource::Create, which instructs it not to create a Leto-aware KeyExchange, but a local one.\n\nFor non-Leto-configured GFEs, this argument is simply ignored, since all KeyExchanges will already be local.\n\nThis CL also modifies the LetoKeyExchange infrastructure to behave reasonably if the private key passed to KeyExchangeSource::Create is empty (i.e. the private key lives remotely on Leto and is not mirrored on the GFE).\n\nThis CL is not flag-protected.  The changes are all no-ops in the GFE for the following reasons:\n- The is_fallback argument is currently set to false everywhere in the GFE.\n- The private_key argument is always set in the GFE.\n\nSubsequent CLs will change these arguments, and *those* will be flag-protected.\n\ngfe-relnote: Adding codepaths not yet reachable in the GFE.  Not flag-protected.\nPiperOrigin-RevId: 239603863\nChange-Id: I34fc2311559db2221a26c83d8c6dfa05954b5fd5\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "4c77e21a8e4d33b1a22b3be2fe8d85b442f92323",
      "old_mode": 33188,
      "old_path": "quic/core/crypto/quic_crypto_server_config.cc",
      "new_id": "daa8d070727b0ea1fde61c3bd8d16aeb185d051c",
      "new_mode": 33188,
      "new_path": "quic/core/crypto/quic_crypto_server_config.cc"
    },
    {
      "type": "modify",
      "old_id": "0304bf3717c61f188f0932e2395f4ae057ebcb9c",
      "old_mode": 33188,
      "old_path": "quic/core/crypto/quic_crypto_server_config.h",
      "new_id": "2ba028eeb4a28a2f258c470ac38f44a915544d6b",
      "new_mode": 33188,
      "new_path": "quic/core/crypto/quic_crypto_server_config.h"
    }
  ]
}