gfe-relnote: Allow no SNI in TLS QUIC handshake, protected by quic_enable_version_t0XX flags
This allows using a QuicCryptoClientStream with TLS when the QuicServerId
has an empty hostname. It also modifies the server to expose the received
SNI in the crypto_negotiated_params.
//gfe/gfe2/quic:end_to_end_test runs with an empty servername; this change
will be needed to support TLS in that end to end test.
PiperOrigin-RevId: 285099863
Change-Id: I80e94a91824e8b53ed9fd5149a40dd63845fe9b5
diff --git a/quic/core/tls_client_handshaker.cc b/quic/core/tls_client_handshaker.cc
index a65fefc..a222c20 100644
--- a/quic/core/tls_client_handshaker.cc
+++ b/quic/core/tls_client_handshaker.cc
@@ -68,9 +68,10 @@
bool TlsClientHandshaker::CryptoConnect() {
state_ = STATE_HANDSHAKE_RUNNING;
- // Configure the SSL to be a client.
+ // Set the SNI to send, if any.
SSL_set_connect_state(ssl());
- if (SSL_set_tlsext_host_name(ssl(), server_id_.host().c_str()) != 1) {
+ if (!server_id_.host().empty() &&
+ SSL_set_tlsext_host_name(ssl(), server_id_.host().c_str()) != 1) {
return false;
}
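Review bot: The replacement comment `// Set the SNI to send, if any.` now sits directly above `SSL_set_connect_state(ssl());`, which puts the SSL object into client mode and has nothing to do with SNI, so the client-mode call is left mislabeled. Keep `// Configure the SSL to be a client.` above that call and move the SNI comment down to just above `if (!server_id_.host().empty() &&`. Because an empty host now lets the handshake proceed with no server name at all, that comment should also say which name, if any, the peer certificate is checked against in that case. The verification code is not visible in this hunk, so this needs confirming against the proof-verifier path. CryptoConnect's body continues past the end of the hunk.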