gfe-relnote: Allow no SNI in TLS QUIC handshake, protected by quic_enable_version_t0XX flags
This allows using a QuicCryptoClientStream with TLS when the QuicServerId
has an empty hostname. It also modifies the server to expose the received
SNI in the crypto_negotiated_params.
//gfe/gfe2/quic:end_to_end_test runs with an empty servername; this change
will be needed to support TLS in that end to end test.
PiperOrigin-RevId: 285099863
Change-Id: I80e94a91824e8b53ed9fd5149a40dd63845fe9b5
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index 24af98d..d9217c4 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -11,6 +11,7 @@
#include "third_party/boringssl/src/include/openssl/ssl.h"
#include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config.h"
#include "net/third_party/quiche/src/quic/core/crypto/transport_parameters.h"
+#include "net/third_party/quiche/src/quic/platform/api/quic_hostname_utils.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_logging.h"
namespace quic {
@@ -314,6 +315,8 @@
const char* hostname = SSL_get_servername(ssl(), TLSEXT_NAMETYPE_host_name);
if (hostname) {
hostname_ = hostname;
+ crypto_negotiated_params_->sni =
+ QuicHostnameUtils::NormalizeHostname(hostname_);
} else {
QUIC_LOG(INFO) << "No hostname indicated in SNI";
}
