| commit | a4436e6ca93131073f4c64ba41ff983465ca52de | [log] [tgz] |
|---|---|---|
| author | wub <wub@google.com> | Wed May 26 07:11:57 2021 -0700 |
| committer | Copybara-Service <copybara-worker@google.com> | Wed May 26 07:12:33 2021 -0700 |
| tree | 3cffb813577aea768a6e0bef2e976e64c1c422fc | |
| parent | 45f2d233cd6d27915b06fa287c2f7b61ba142b46 [diff] |
For TLS QUIC, add a validity check after full CHLO is extracted. Connections failing the check will be rejected. The same check already exists for QUIC crypto, but it is moved to the new ValidityChecksOnFullChlo function if the flag is true. Tested by spliting GFE's QUIC e2e test to gQUIC and IETF versions. (Tests that are not parameterized on QUIC versions are currently only tested with gQUIC.) Protected by FLAGS_quic_reloadable_flag_quic_tls_validity_check_on_full_chlo. PiperOrigin-RevId: 375935730
QUICHE (QUIC, Http/2, Etc) is Google‘s implementation of QUIC and related protocols. It powers Chromium as well as Google’s QUIC servers and some other projects. QUICHE is only supported on little-endian platforms.
Code can be viewed in CodeSearch in Quiche and is imported into Chromium.