Require on-the-wire SNI to pass IsValidSNI check
This requirement existed in QUIC Crypto; it should exist when we run QUIC
with TLS.
Restrict SNI in IETF QUIC draft versions. Protected by reloadable flag quic_tls_enforce_valid_sni.
PiperOrigin-RevId: 310054163
Change-Id: I9ffdea55c350e9c1592a71debb3fbb271eca7750
diff --git a/quic/core/tls_client_handshaker.h b/quic/core/tls_client_handshaker.h
index fdd68c2..cc314b7 100644
--- a/quic/core/tls_client_handshaker.h
+++ b/quic/core/tls_client_handshaker.h
@@ -75,6 +75,7 @@
std::unique_ptr<ApplicationState> application_state) override;
void AllowEmptyAlpnForTests() { allow_empty_alpn_for_tests_ = true; }
+ void AllowInvalidSNIForTests() { allow_invalid_sni_for_tests_ = true; }
protected:
const TlsConnection* tls_connection() const override {
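Review bot: AllowInvalidSNIForTests() is declared above the protected: label with no comment, so any caller holding a TlsClientHandshaker can switch off the SNI validity requirement this change introduces. Please add a comment stating that it bypasses the IsValidSNI check and must only be called from tests, or move the setter behind a test-only peer so production code cannot reach it. The same applies to the AllowEmptyAlpnForTests() pattern it copies, but that is outside this change.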
@@ -169,6 +170,7 @@
crypto_negotiated_params_;
bool allow_empty_alpn_for_tests_ = false;
+ bool allow_invalid_sni_for_tests_ = false;
const bool has_application_state_;
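Review bot: allow_invalid_sni_for_tests_ has no comment describing what it gates. Defaulting it to false is the right fail-closed choice, but a one-line comment on the member should say that when it is false the SNI must pass IsValidSNI, and how that interacts with the reloadable flag quic_tls_enforce_valid_sni named in the commit message. The header hunks do not show where the member is read, so please make sure the accompanying tests cover the default path with an invalid SNI and not only the bypass.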