blob: c6a45c4b834985eb4ace95537210331620d0b8d8 [file] [log] [blame]
// Copyright (c) 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "quic/core/crypto/tls_client_connection.h"
namespace quic {
TlsClientConnection::TlsClientConnection(SSL_CTX* ssl_ctx, Delegate* delegate)
: TlsConnection(ssl_ctx, delegate->ConnectionDelegate()),
delegate_(delegate) {}
// static
bssl::UniquePtr<SSL_CTX> TlsClientConnection::CreateSslCtx(
bool enable_early_data) {
bssl::UniquePtr<SSL_CTX> ssl_ctx =
TlsConnection::CreateSslCtx(SSL_VERIFY_PEER);
// Configure certificate verification.
int reverify_on_resume_enabled = 1;
SSL_CTX_set_reverify_on_resume(ssl_ctx.get(), reverify_on_resume_enabled);
// Configure session caching.
SSL_CTX_set_session_cache_mode(
ssl_ctx.get(), SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL);
SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback);
SSL_CTX_set_early_data_enabled(ssl_ctx.get(), enable_early_data);
return ssl_ctx;
}
// static
int TlsClientConnection::NewSessionCallback(SSL* ssl, SSL_SESSION* session) {
static_cast<TlsClientConnection*>(ConnectionFromSsl(ssl))
->delegate_->InsertSession(bssl::UniquePtr<SSL_SESSION>(session));
return 1;
}
} // namespace quic