commit | c778a4cb8f29d36d0ae4ce79a5411924a8be7748 | |
---|---|---|
author | davidben <davidben@google.com> | Tue May 16 15:54:34 2023 -0700 |
committer | Copybara-Service <copybara-worker@google.com> | Tue May 16 15:55:30 2023 -0700 |
tree | 0265f0df6cd793540297c32e3ecb204fc577800c | |
parent | 0f4b41a67693b06a21111739d4a476e820cdd747 | |
Log encrypted ClientHellos through QuicConnectionDebugVisitor

As TLS messages are encrypted, it can be useful to log the cleartext versions for debugging. QUIC already has callbacks to observe CRYPTO frames, so we, broadly, already do this.

However, when ECH is enabled, the ClientHelloInner is sent encrypted. For debugging, BoringSSL exposes this through the message callback under a custom "content type". Chromium, when using ECH over TCP, exposes this through NetLog. This CL registers the same callback in QUICHE and exports it out of QuicConnectionDebugVisitor.

I went ahead and did both sending (client) and receiving (server), though receiving is currently moot since we don't do ECH for QUIC servers yet.

PiperOrigin-RevId: 532598203

QUICHE stands for QUIC, Http, Etc. It is Google's production-ready implementation of QUIC, HTTP/2, HTTP/3, and related protocols and tools. It powers Google's servers, Chromium, Envoy, and other projects. It is actively developed and maintained.
There are two public QUICHE repositories. Either one may be used by embedders, as they are automatically kept in sync:
To embed QUICHE in your project, platform APIs need to be implemented and build files need to be created. Note that it is on the QUICHE team's roadmap to include default implementations for all platform APIs and to open-source build files. In the meantime, take a look at open source embedders like Chromium and Envoy to get started:
To contribute to QUICHE, follow the instructions in CONTRIBUTING.md.
QUICHE is only supported on little-endian platforms.