Remove TlsServerHandshaker.hostname_.
Log the server address when cert lookup fails.
PiperOrigin-RevId: 374687179
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index bec64ef..efd4d27 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -787,18 +787,17 @@
// function do not work at this point, but SSL_get_servername does.
const char* hostname = SSL_get_servername(ssl(), TLSEXT_NAMETYPE_host_name);
if (hostname) {
- hostname_ = hostname;
crypto_negotiated_params_->sni =
- QuicHostnameUtils::NormalizeHostname(hostname_);
- if (!ValidateHostname(hostname_)) {
+ QuicHostnameUtils::NormalizeHostname(hostname);
+ if (!ValidateHostname(hostname)) {
return ssl_select_cert_error;
}
- if (hostname_ != crypto_negotiated_params_->sni) {
+ if (hostname != crypto_negotiated_params_->sni) {
QUIC_CODE_COUNT(quic_tls_server_hostname_diff);
QUIC_LOG_EVERY_N_SEC(WARNING, 300)
<< "Raw and normalized hostnames differ, but both are valid SNIs. "
"raw hostname:"
- << hostname_ << ", normalized:" << crypto_negotiated_params_->sni;
+ << hostname << ", normalized:" << crypto_negotiated_params_->sni;
} else {
QUIC_CODE_COUNT(quic_tls_server_hostname_same);
}
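Review bot: `crypto_negotiated_params_->sni` is assigned from the client-supplied SNI before `ValidateHostname(hostname)` runs, so on the `return ssl_select_cert_error;` path the negotiated params still hold a value that failed validation. Whether anything reads `sni` after a failed handshake is not visible here, but running the `if (!ValidateHostname(hostname))` check before the assignment would make the field only ever contain a validated name. Separately, `hostname != crypto_negotiated_params_->sni` now has a `const char*` on the left and reads like a pointer comparison, although it resolves to the `std::string` content overload. A short comment such as `// Compares contents: const char* vs std::string.` would protect it against a later type change. The enclosing function starts and ends outside this hunk.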
@@ -902,7 +901,9 @@
}
select_cert_status_ = QUIC_SUCCESS;
} else {
- QUIC_LOG(ERROR) << "No certs provided for host '" << hostname_ << "'";
+ QUIC_LOG(ERROR) << "No certs provided for host '"
+ << crypto_negotiated_params_->sni << "', server_address:"
+ << session()->connection()->self_address();
}
}
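Review bot: The `QUIC_LOG(ERROR)` in the `else` branch is not rate limited and now prints more per event, and the SNI it prints is chosen by the remote peer. If a client can reach this branch at will by sending a name with no matching cert (the condition is outside the hunk, so this is inferred), every such handshake writes an ERROR line. The hostname-diff warning in the same file already uses `QUIC_LOG_EVERY_N_SEC(WARNING, 300)`; using `QUIC_LOG_EVERY_N_SEC(ERROR, <interval>)` here, alongside a `QUIC_CODE_COUNT` so the event count is not lost, would bound the log volume. Note also that the message now shows the normalized `sni` rather than the raw hostname, and prints `''` when no SNI was sent, so a comment saying which form is logged would help whoever triages these lines.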
diff --git a/quic/core/tls_server_handshaker.h b/quic/core/tls_server_handshaker.h
index 93f231d..260b094 100644
--- a/quic/core/tls_server_handshaker.h
+++ b/quic/core/tls_server_handshaker.h
@@ -312,7 +312,6 @@
// nullopt means select cert hasn't started.
absl::optional<QuicAsyncStatus> select_cert_status_;
- std::string hostname_;
std::string cert_verify_sig_;
std::unique_ptr<ProofSource::Details> proof_source_details_;