Move cert verification from TlsClientHandshaker to TlsHandshaker
Protected by not protected.
PiperOrigin-RevId: 340749853
Change-Id: If973adbd9d4edbbf9b1d06654f9d4067adfca38f
diff --git a/quic/core/crypto/tls_client_connection.cc b/quic/core/crypto/tls_client_connection.cc
index 7908847..0591571 100644
--- a/quic/core/crypto/tls_client_connection.cc
+++ b/quic/core/crypto/tls_client_connection.cc
@@ -13,9 +13,9 @@
// static
bssl::UniquePtr<SSL_CTX> TlsClientConnection::CreateSslCtx(
bool enable_early_data) {
- bssl::UniquePtr<SSL_CTX> ssl_ctx = TlsConnection::CreateSslCtx();
+ bssl::UniquePtr<SSL_CTX> ssl_ctx =
+ TlsConnection::CreateSslCtx(SSL_VERIFY_PEER);
// Configure certificate verification.
- SSL_CTX_set_custom_verify(ssl_ctx.get(), SSL_VERIFY_PEER, &VerifyCallback);
int reverify_on_resume_enabled = 1;
SSL_CTX_set_reverify_on_resume(ssl_ctx.get(), reverify_on_resume_enabled);
@@ -29,14 +29,6 @@
}
// static
-enum ssl_verify_result_t TlsClientConnection::VerifyCallback(
- SSL* ssl,
- uint8_t* out_alert) {
- return static_cast<TlsClientConnection*>(ConnectionFromSsl(ssl))
- ->delegate_->VerifyCert(out_alert);
-}
-
-// static
int TlsClientConnection::NewSessionCallback(SSL* ssl, SSL_SESSION* session) {
static_cast<TlsClientConnection*>(ConnectionFromSsl(ssl))
->delegate_->InsertSession(bssl::UniquePtr<SSL_SESSION>(session));
