Deprecate --gfe2_reloadable_flag_quic_tls_use_normalized_sni_for_cert_selectioon.
PiperOrigin-RevId: 369499385
Change-Id: I4dc325fbfc3ab7d44122d53c5bab33b33ac71afc
diff --git a/quic/core/quic_flags_list.h b/quic/core/quic_flags_list.h
index e04ea7c..040ac4e 100644
--- a/quic/core/quic_flags_list.h
+++ b/quic/core/quic_flags_list.h
@@ -65,7 +65,6 @@
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_start_peer_migration_earlier, true)
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_testonly_default_false, false)
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_testonly_default_true, true)
-QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_tls_use_normalized_sni_for_cert_selectioon, true)
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_unified_iw_options, false)
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_use_connection_id_on_default_path, false)
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_use_encryption_level_context, true)
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index 5906c44..85a984d 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -577,7 +577,7 @@
QuicAsyncStatus status = proof_source_handle_->ComputeSignature(
session()->connection()->self_address(),
- session()->connection()->peer_address(), cert_selection_hostname(),
+ session()->connection()->peer_address(), crypto_negotiated_params_->sni,
sig_alg, in, max_out);
if (status == QUIC_PENDING) {
set_expected_ssl_error(SSL_ERROR_WANT_PRIVATE_KEY_OPERATION);
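Review bot: The precondition documented on the removed `cert_selection_hostname()` accessor ("should only be called after a successful ValidateHostname()") is no longer stated anywhere. `ComputeSignature` in this hunk and `SelectCertificate` in the hunk at -814 now read `crypto_negotiated_params_->sni` directly. That value picks the certificate and is passed into signature computation, so I would keep the contract at both call sites, e.g. `// sni is the normalized SNI; only meaningful after a successful ValidateHostname().` If `hostname_` had no readers other than the removed accessor, which cannot be told from this diff, it could be dropped in the same change. The enclosing function starts and ends outside the hunk.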
@@ -814,7 +814,7 @@
const QuicAsyncStatus status = proof_source_handle_->SelectCertificate(
session()->connection()->self_address(),
- session()->connection()->peer_address(), cert_selection_hostname(),
+ session()->connection()->peer_address(), crypto_negotiated_params_->sni,
absl::string_view(
reinterpret_cast<const char*>(client_hello->client_hello),
client_hello->client_hello_len),
diff --git a/quic/core/tls_server_handshaker.h b/quic/core/tls_server_handshaker.h
index 738bfe9..b853462 100644
--- a/quic/core/tls_server_handshaker.h
+++ b/quic/core/tls_server_handshaker.h
@@ -96,14 +96,6 @@
virtual bool ValidateHostname(const std::string& hostname) const;
- // The hostname to be used to select certificates and compute signatures.
- // The function should only be called after a successful ValidateHostname().
- const std::string& cert_selection_hostname() const {
- return use_normalized_sni_for_cert_selection_
- ? crypto_negotiated_params_->sni
- : hostname_;
- }
-
const TlsConnection* tls_connection() const override {
return &tls_connection_;
}
@@ -327,8 +319,6 @@
QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters>
crypto_negotiated_params_;
TlsServerConnection tls_connection_;
- const bool use_normalized_sni_for_cert_selection_ =
- GetQuicReloadableFlag(quic_tls_use_normalized_sni_for_cert_selectioon);
const QuicCryptoServerConfig* crypto_config_; // Unowned.
};
diff --git a/quic/core/tls_server_handshaker_test.cc b/quic/core/tls_server_handshaker_test.cc
index e146e0b..7f8c252 100644
--- a/quic/core/tls_server_handshaker_test.cc
+++ b/quic/core/tls_server_handshaker_test.cc
@@ -557,13 +557,8 @@
EXPECT_EQ(server_stream()->crypto_negotiated_params().sni,
"test.example.com");
- if (GetQuicReloadableFlag(quic_tls_use_normalized_sni_for_cert_selectioon)) {
- EXPECT_EQ(last_select_cert_args().hostname, "test.example.com");
- EXPECT_EQ(last_compute_signature_args().hostname, "test.example.com");
- } else {
- EXPECT_EQ(last_select_cert_args().hostname, "tEsT.EXAMPLE.CoM");
- EXPECT_EQ(last_compute_signature_args().hostname, "tEsT.EXAMPLE.CoM");
- }
+ EXPECT_EQ(last_select_cert_args().hostname, "test.example.com");
+ EXPECT_EQ(last_compute_signature_args().hostname, "test.example.com");
}
TEST_P(TlsServerHandshakerTest, ConnectionClosedOnTlsError) {
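Review bot: The two remaining expectations on `last_select_cert_args().hostname` and `last_compute_signature_args().hostname` need a one-line comment saying why the proof source should see the lower-case name. For example: `// Cert selection and signing use the normalized SNI, not the raw ClientHello value.` The mixed-case input that the removed branch asserted (`tEsT.EXAMPLE.CoM`) is presumably set earlier in the test, outside this hunk. Without the comment the literal reads like a plain echo of the input rather than a check on normalization. The test body begins before the hunk.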