| commit | 5b786dfeb069f03bad6cde7efeedbe643f4f0c84 | [log] [tgz] |
|---|---|---|
| author | wub <wub@google.com> | Wed Dec 01 15:11:38 2021 -0800 |
| committer | Copybara-Service <copybara-worker@google.com> | Wed Dec 01 15:12:33 2021 -0800 |
| tree | 4e19e7d5b7d477f905a68c8720c014580da82c45 | |
| parent | 0d5d9b338f480bd5256eb58edb06a950d1f77583 [diff] |
Automated g4 rollback of changelist 291429810. *** Reason for rollback *** No needed for mTLS. quic::TlsHandshaker::VerifyCert is sufficient for a QUIC server to verify client certs. *** Original change description *** Add a ServerProofVerifier interface to QUIC. This is a server-side equivalent of ProofVerifier. It is used to verify a client's certificate chain. It will only be used when the server needs to request client certificates. ServerProofVerifier drops the VerifyProof() function (not used in TLS 1.3) and the |hostname|, |ocsp_response|, and |cert_sct| parameters of VerifyCertChain() (those aren't really meaningful to a server). See go/quic-tls-client-certificates for the full design doc and cont... *** PiperOrigin-RevId: 413521549
QUICHE stands for QUIC, Http/2, Etc. It is Google‘s production-ready implementation of QUIC, HTTP/2, HTTP/3, and related protocols and tools. It powers Google’s servers, Chromium, Envoy, and other projects. It is actively developed and maintained.
There are two public QUICHE repositories. Either one may be used by embedders, as they are automatically kept in sync:
To embed QUICHE in your project, platform APIs need to be implemented and build files need to be created. Note that it is on the QUICHE team's roadmap to include default implementation for all platform APIs and to open-source build files. In the meanwhile, take a look at open source embedders like Chromium and Envoy to get started:
To contribute to QUICHE, follow instructions at CONTRIBUTING.md.
QUICHE is only supported on little-endian platforms.