Google Git
Sign in
quiche / quiche / 7e93824d255e3ec24fb4581a809647d8c360373d
commit7e93824d255e3ec24fb4581a809647d8c360373d[log] [tgz]
authordmcardle <dmcardle@google.com>Thu Oct 23 07:36:19 2025 -0700
committerCopybara-Service <copybara-worker@google.com>Thu Oct 23 07:37:19 2025 -0700
tree6a82986c0b96b002d3d35e6435d7ad601ebb72be
parent42cbfedd76691c19af012a3d717fca07d7b09cc9 [diff]
Rework the ProofSource::GetCertChains() interface

Prior to this CL, GetCertChains() was expected to return all available chains, regardless of whether they matched SNI, but the documentation was a little muddled. Now, it's explicitly required to return chains that either all match SNI or all do *not* match SNI. To that end, GetCertChains() now has a more expressive return type.

I've also snuck in an improvement that enables us to use Abseil nullability attributes on variables of type QuicheReferenceCountedPointer<T>, which helped nail down an aspect of the new return type.

GetCertChains() has no callers outside of tests, so we can make these changes without flag protection.

PiperOrigin-RevId: 823034457
4 files changed
tree: 6a82986c0b96b002d3d35e6435d7ad601ebb72be
  1. build/
  2. depstool/
  3. quiche/
  4. .bazelrc
  5. .bazelversion
  6. BUILD.bazel
  7. CONTRIBUTING.md
  8. LICENSE
  9. MODULE.bazel
  10. MODULE.bazel.lock
  11. README.md
  12. WHITESPACE
README.md

QUICHE

QUICHE stands for QUIC, Http, Etc. It is Google‘s production-ready implementation of QUIC, HTTP/2, HTTP/3, and related protocols and tools. It powers Google’s servers, Chromium, Envoy, and other projects. It is actively developed and maintained.

There are two public QUICHE repositories. Either one may be used by embedders, as they are automatically kept in sync:

To embed QUICHE in your project, platform APIs need to be implemented and build files need to be created. Note that it is on the QUICHE team's roadmap to include default implementation for all platform APIs and to open-source build files. In the meanwhile, take a look at open source embedders like Chromium and Envoy to get started:

To contribute to QUICHE, follow instructions at CONTRIBUTING.md.

QUICHE is only supported on little-endian platforms.

Build and run standalone QUICHE

QUICHE has binaries that can run on Linux platforms.

Follow the instructions to install Bazel.

sudo apt install libicu-dev clang lld
cd <directory that will be the root of your quiche implmentation>
git clone https://github.com/google/quiche.git
cd quiche
CC=clang bazel build -c opt //...
./bazel-bin/quiche/<target_name> <arguments>

There are several targets that can be built and then run. Full usage instructions are available using the --helpfull flag on any binary.

  • quic_packet_printer: from a provided packet, parses and prints out the contents that are accessible without decryption.

Usage: quic_packet_printer server|client <hex dump of packet>

  • crypto_message_printer: dumps the contents of a QUIC crypto handshake message in a human readable format.

Usage: crypto_message_printer_bin <hex of message>

  • quic_client: connects to a host using QUIC and HTTP/3, sends a request to the provided URL, and displays the response.

Usage: quic_client <URL>

  • quic_server: listens forever on --port (default 6121) until halted via ctrl-c.

  • masque_client: tunnels to a URL via an identified proxy (See RFC 9298).

Usage: masque_client [options] <proxy-url> <urls>

  • masque_server: a MASQUE tunnel proxy that defaults to port 9661.

Usage: masque_server

  • web_transport_test_server: a server that clients can connect to via WebTransport.

  • moqt_relay: a relay for the Media Over QUIC transport for publishers and subscribers can connect to.

Usage: moqt_relay