In QUIC, when TLS 0-rtt is rejected, disable early data in all cached session tickets that are associated with that server.
Protected by disabled flag quic_enable_zero_rtt_for_tls.
Merge instructions: Please leave the implementation for the new API empty. I will fix that.
PiperOrigin-RevId: 312771280
Change-Id: Ib96b050d088ce1629c67c4f443e89d224d4432d2
diff --git a/quic/core/crypto/quic_crypto_client_config.h b/quic/core/crypto/quic_crypto_client_config.h
index 9a87556..6f057c2 100644
--- a/quic/core/crypto/quic_crypto_client_config.h
+++ b/quic/core/crypto/quic_crypto_client_config.h
@@ -76,6 +76,10 @@
virtual std::unique_ptr<QuicResumptionState> Lookup(
const QuicServerId& server_id,
const SSL_CTX* ctx) = 0;
+
+ // Called when 0-RTT is rejected. Disables early data for all the TLS tickets
+ // associated with |server_id|.
+ virtual void ClearEarlyData(const QuicServerId& server_id) = 0;
};
// QuicCryptoClientConfig contains crypto-related configuration settings for a
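Review bot: The comment on `ClearEarlyData` does not say what state the tickets are left in, and every implementer of this pure virtual has to decide that for themselves. It should state whether the tickets stay cached and usable for plain resumption, and that the call is a no-op when nothing is cached for `server_id`. Something like `// Tickets remain usable for resumption; only early data is disabled. No-op if no entry exists for |server_id|.` would do, assuming that is the intended contract. Because the method is `= 0`, every existing subclass must add an override. An empty override, as the merge instructions request, would presumably leave the tickets early-data-capable, so the client would offer 0-RTT again on the next connection to a server that has just rejected it. The enclosing interface starts outside this hunk.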
diff --git a/quic/core/tls_client_handshaker.cc b/quic/core/tls_client_handshaker.cc
index b3cfc0a..4c4dbab 100644
--- a/quic/core/tls_client_handshaker.cc
+++ b/quic/core/tls_client_handshaker.cc
@@ -520,8 +520,10 @@
void TlsClientHandshaker::HandleZeroRttReject() {
QUIC_LOG(INFO) << "0-RTT handshake attempted but was rejected by the server";
+ DCHECK(session_cache_);
handshaker_delegate()->OnZeroRttRejected();
SSL_reset_early_data_reject(ssl());
+ session_cache_->ClearEarlyData(server_id_);
AdvanceHandshake();
}
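Review bot: `DCHECK(session_cache_)` is the only guard before `session_cache_->ClearEarlyData(server_id_)`, and DCHECKs are normally compiled out of release builds, so a null cache would be dereferenced there. If a 0-RTT attempt really implies a non-null cache, add a short comment stating that invariant next to the DCHECK. Otherwise guard the call itself: `if (session_cache_ != nullptr) { session_cache_->ClearEarlyData(server_id_); }`. The commit message says the change is protected by `quic_enable_zero_rtt_for_tls`, but no flag check is visible in `HandleZeroRttReject`. The gating is presumably further up the call path and is worth confirming.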