Automated g4 rollback of changelist 291429810.

*** Reason for rollback ***

No needed for mTLS. quic::TlsHandshaker::VerifyCert is sufficient for a QUIC server to verify client certs.

*** Original change description ***

Add a ServerProofVerifier interface to QUIC.

This is a server-side equivalent of ProofVerifier.  It is used to verify a
client's certificate chain.  It will only be used when the server needs to
request client certificates.

ServerProofVerifier drops the VerifyProof() function (not used in TLS 1.3) and
the |hostname|, |ocsp_response|, and |cert_sct| parameters of VerifyCertChain()
(those aren't really meaningful to a server).

See go/quic-tls-client-certificates for the full design doc and cont...


PiperOrigin-RevId: 413521549
2 files changed
tree: 4e19e7d5b7d477f905a68c8720c014580da82c45
  1. common/
  2. epoll_server/
  3. http2/
  4. quic/
  5. spdy/


QUICHE stands for QUIC, Http/2, Etc. It is Google‘s production-ready implementation of QUIC, HTTP/2, HTTP/3, and related protocols and tools. It powers Google’s servers, Chromium, Envoy, and other projects. It is actively developed and maintained.

There are two public QUICHE repositories. Either one may be used by embedders, as they are automatically kept in sync:

To embed QUICHE in your project, platform APIs need to be implemented and build files need to be created. Note that it is on the QUICHE team's roadmap to include default implementation for all platform APIs and to open-source build files. In the meanwhile, take a look at open source embedders like Chromium and Envoy to get started:

To contribute to QUICHE, follow instructions at

QUICHE is only supported on little-endian platforms.