commit 38c190b7c7111fb0c6321db9e0840290edea8186
author QUICHE team <quiche-dev@google.com> Wed May 08 09:12:01 2019 -0700
committer Copybara-Service <copybara-worker@google.com> Wed May 08 13:47:14 2019 -0700
tree 58b138c157f8dc6cd6286b3b6a2ba92f0b793238
parent 87c39c1ba976f007fdcc8f2f4e02231c3217eb01

Add arguments to ProofVerifier::VerifyCertChain for stapled OCSP response and SignedCertificateTimestampList.

gfe-relnote: n/a - protected by existing disabled flag --quic_supports_tls_handshake
PiperOrigin-RevId: 247224979
Change-Id: I5ff6668c186eabf117b1605c86b65b0938ff3c38

quic/core/tls_client_handshaker.cc

diff --git a/quic/core/tls_client_handshaker.cc b/quic/core/tls_client_handshaker.cc
index 3f2a725..1087844 100644
--- a/quic/core/tls_client_handshaker.cc
+++ b/quic/core/tls_client_handshaker.cc
@@ -340,12 +340,22 @@
         std::string(reinterpret_cast<const char*>(CRYPTO_BUFFER_data(cert)),
                     CRYPTO_BUFFER_len(cert)));
   }
+  const uint8_t* ocsp_response_raw;
+  size_t ocsp_response_len;
+  SSL_get0_ocsp_response(ssl(), &ocsp_response_raw, &ocsp_response_len);
+  std::string ocsp_response(reinterpret_cast<const char*>(ocsp_response_raw),
+                            ocsp_response_len);
+  const uint8_t* sct_list_raw;
+  size_t sct_list_len;
+  SSL_get0_signed_cert_timestamp_list(ssl(), &sct_list_raw, &sct_list_len);
+  std::string sct_list(reinterpret_cast<const char*>(sct_list_raw),
+                       sct_list_len);
 
   ProofVerifierCallbackImpl* proof_verify_callback =
       new ProofVerifierCallbackImpl(this);
 
   QuicAsyncStatus verify_result = proof_verifier_->VerifyCertChain(
-      server_id_.host(), certs, verify_context_.get(),
+      server_id_.host(), certs, ocsp_response, sct_list, verify_context_.get(),
       &cert_verify_error_details_, &verify_details_,
       std::unique_ptr<ProofVerifierCallback>(proof_verify_callback));
   switch (verify_result) {