gfe-relnote: In QUIC with TLS, do not proceed in SetWriteSecret if connection has been closed. Protected by gfe2_reloadable_flag_quic_notify_handshaker_on_connection_close. PiperOrigin-RevId: 309753183 Change-Id: I829b92d82ca84f85ab60aa09940a3b205641a34b

commit: a6a85a8059f31263fdae813e5d47e304cf293cad [log] [tgz]
author: fayang <fayang@google.com> Mon May 04 08:58:53 2020 -0700
committer: Copybara-Service <copybara-worker@google.com> Mon May 04 08:59:37 2020 -0700
tree: 91c71df34d34d989ce637080d6b786d6fded0fed
parent: 9a31bd55ff106cbe33c9d93861aa80855a04aefa [diff] [blame]
diff --git a/quic/core/tls_client_handshaker.cc b/quic/core/tls_client_handshaker.cc
index d6435ff..324c378 100644
--- a/quic/core/tls_client_handshaker.cc
+++ b/quic/core/tls_client_handshaker.cc

@@ -305,6 +305,11 @@
   initial_keys_dropped_ = true;
 }
 
+void TlsClientHandshaker::OnConnectionClosed(QuicErrorCode /*error*/,
+                                             ConnectionCloseSource /*source*/) {
+  state_ = STATE_CONNECTION_CLOSED;
+}
+
 void TlsClientHandshaker::OnHandshakeDoneReceived() {
   if (!one_rtt_keys_available_) {
     CloseConnection(QUIC_HANDSHAKE_FAILED,
@@ -318,6 +323,9 @@
     EncryptionLevel level,
     const SSL_CIPHER* cipher,
     const std::vector<uint8_t>& write_secret) {
+  if (state_ == STATE_CONNECTION_CLOSED) {
+    return;
+  }
   if (level == ENCRYPTION_FORWARD_SECURE) {
     encryption_established_ = true;
   }
commit	a6a85a8059f31263fdae813e5d47e304cf293cad	[log] [tgz]
author	fayang <fayang@google.com>	Mon May 04 08:58:53 2020 -0700
committer	Copybara-Service <copybara-worker@google.com>	Mon May 04 08:59:37 2020 -0700
tree	91c71df34d34d989ce637080d6b786d6fded0fed
parent	9a31bd55ff106cbe33c9d93861aa80855a04aefa [diff] [blame]