Add mTLS support for IETF QUIC.

In QUICHE, this CL adds the code that allows embeders to enable TLS client certificates. In GFE, this CL adds client cert support for Google domains in two types of client cert configurations:
Other config types are not supported and will cause QUIC_HANDSHAKE_FAILED if such request is received.

Protected by FLAGS_quic_restart_flag_quic_tls_server_support_client_cert.

PiperOrigin-RevId: 407133294
15 files changed
tree: 3de448b6fa8fe5b99a504be8d70ece98f43de7c0
  1. common/
  2. epoll_server/
  3. http2/
  4. quic/
  5. spdy/


QUICHE stands for QUIC, Http/2, Etc. It is Google‘s production-ready implementation of QUIC, HTTP/2, HTTP/3, and related protocols and tools. It powers Google’s servers, Chromium, Envoy, and other projects. It is actively developed and maintained.

There are two public QUICHE repositories. Either one may be used by embedders, as they are automatically kept in sync:

To embed QUICHE in your project, platform APIs need to be implemented and build files need to be created. Note that it is on the QUICHE team's roadmap to include default implementation for all platform APIs and to open-source build files. In the meanwhile, take a look at open source embedders like Chromium and Envoy to get started:

To contribute to QUICHE, follow instructions at

QUICHE is only supported on little-endian platforms.