Google Git
Sign in
quiche / quiche / 6ebe83b7608c717c4568d8cdf775f51a05d69c77^! / . / quic / core / crypto / quic_crypto_server_config.cc
commit6ebe83b7608c717c4568d8cdf775f51a05d69c77[log] [tgz]
authornharper <nharper@google.com>Thu Jun 13 17:43:52 2019 -0700
committerCopybara-Service <copybara-worker@google.com>Fri Jun 14 09:41:02 2019 -0700
treebfba35a4a132df62258475a5b2c3fa1a1d455b9e
parentf245d294d1705f5bd4b3df83296dbbd9feff0449 [diff] [blame]
Refactor TlsHandshaker classes

QuicCryptoClientConfig and QuicCryptoServerConfig each own an SSL_CTX,
which is currently created by TlsHandshaker. Those crypto config classes
can't take a dependency on TlsHandshaker (because TlsHandshaker depends on
classes have a dependency in the other direction), resulting in the SSL_CTX
being passed into the crypto config constructors. The SSL_CTX shouldn't be
exposed like this, as it's essentially an implementation detail of the
crypto handshake.

This CL splits TlsHandshaker in two. TlsConnection (and its subclasses) are
in quic/core/crypto, and handle the callbacks from BoringSSL. In turn, it
passes the implementation of those callbacks to a delegate. TlsHandshaker
implements this delegate and owns the TlsConnection.

gfe-relnote: refactor TLS handshake classes in QUIC; not flag protected
PiperOrigin-RevId: 253140899
Change-Id: Ie907a7f61798c29a385be15ea0f53403b86508ab

diff --git a/quic/core/crypto/quic_crypto_server_config.cc b/quic/core/crypto/quic_crypto_server_config.cc
index 9d70641..24d0500 100644
--- a/quic/core/crypto/quic_crypto_server_config.cc
+++ b/quic/core/crypto/quic_crypto_server_config.cc

@@ -27,6 +27,7 @@
 #include "net/third_party/quiche/src/quic/core/crypto/quic_encrypter.h"
 #include "net/third_party/quiche/src/quic/core/crypto/quic_hkdf.h"
 #include "net/third_party/quiche/src/quic/core/crypto/quic_random.h"
+#include "net/third_party/quiche/src/quic/core/crypto/tls_server_connection.h"
 #include "net/third_party/quiche/src/quic/core/proto/crypto_server_config.pb.h"
 #include "net/third_party/quiche/src/quic/core/proto/source_address_token.pb.h"
 #include "net/third_party/quiche/src/quic/core/quic_packets.h"
@@ -231,6 +232,17 @@
     QuicStringPiece source_address_token_secret,
     QuicRandom* server_nonce_entropy,
     std::unique_ptr<ProofSource> proof_source,
+    std::unique_ptr<KeyExchangeSource> key_exchange_source)
+    : QuicCryptoServerConfig(source_address_token_secret,
+                             server_nonce_entropy,
+                             std::move(proof_source),
+                             std::move(key_exchange_source),
+                             TlsServerConnection::CreateSslCtx()) {}
+
+QuicCryptoServerConfig::QuicCryptoServerConfig(
+    QuicStringPiece source_address_token_secret,
+    QuicRandom* server_nonce_entropy,
+    std::unique_ptr<ProofSource> proof_source,
     std::unique_ptr<KeyExchangeSource> key_exchange_source,
     bssl::UniquePtr<SSL_CTX> ssl_ctx)
     : replay_protection_(true),