Google Git
Sign in
quiche / quiche / 8b353f389af49f667b4b10060f9f2b0abd5a05fe^! / . / quic / core / quic_crypto_client_stream.h
commit8b353f389af49f667b4b10060f9f2b0abd5a05fe[log] [tgz]
authorQUICHE team <quiche-dev@google.com>Tue Apr 09 13:49:10 2019 -0700
committerCopybara-Service <copybara-worker@google.com>Tue Apr 09 16:20:43 2019 -0700
tree00d9ca8574e5930fe4735b4cad22633ad0c50e5b
parent66dea072431f94095dfc3dd2743cb94ef365f7ef [diff] [blame]
Test QUIC behavior in the worst-case Leto fallback situation

Today, the worst-case QUIC handshake involves sending three CHLO messages.  With Leto, that increases to four, since if GFE realizes that Leto is down, it will reject an otherwise-kosher CHLO in order to swap out the ServerConfig whose private key lives on Leto for one generated locally on the GFE.

QUIC clients limit the number of CHLOs they're willing to send per handshake to three.  This CL's intent is to increase that limit to four.

However, there is a bug in the QUIC client-side CHLO counting code, which means that the de facto limit was actually four all along.  In order to avoid confusion, this CL both increases the constant from three to four, and also fixes the conditional so that the actual limit remains four.

The CHLO-limiting constant is checked in one other spot, but since we're increasing it the change should have no observable effect there.

This CL also adds a test for this behavior, which creates a gigantic certificate to force a three-CHLO handshake, and then brings down Leto to force a four-CHLO handshake, and explicitly verifies the number of CHLOs.

gfe-relnote: Test changes only in GFE code, no-op changes in QUIC code.
PiperOrigin-RevId: 242732499
Change-Id: I7e83ac37269ee5e8d541d058c3f851d0d9a7ff06

diff --git a/quic/core/quic_crypto_client_stream.h b/quic/core/quic_crypto_client_stream.h
index 3518fa7..d0e4ee1 100644
--- a/quic/core/quic_crypto_client_stream.h
+++ b/quic/core/quic_crypto_client_stream.h

@@ -46,12 +46,15 @@
     : public QuicCryptoClientStreamBase {
  public:
   // kMaxClientHellos is the maximum number of times that we'll send a client
-  // hello. The value 3 accounts for:
+  // hello. The value 4 accounts for:
   //   * One failure due to an incorrect or missing source-address token.
   //   * One failure due the server's certificate chain being unavailible and
   //     the server being unwilling to send it without a valid source-address
   //     token.
-  static const int kMaxClientHellos = 3;
+  //   * One failure due to the ServerConfig private key being located on a
+  //     remote oracle which has become unavailable, forcing the server to send
+  //     the client a fallback ServerConfig.
+  static const int kMaxClientHellos = 4;
 
   // QuicCryptoClientStream creates a HandshakerDelegate at construction time
   // based on the QuicTransportVersion of the connection. Different