Deprecate --gfe2_reloadable_flag_quic_tls_validity_check_on_full_chlo.
PiperOrigin-RevId: 381868236
diff --git a/quic/core/quic_dispatcher.cc b/quic/core/quic_dispatcher.cc
index de5cb83..6518754 100644
--- a/quic/core/quic_dispatcher.cc
+++ b/quic/core/quic_dispatcher.cc
@@ -206,8 +206,7 @@
sni_ = std::string(sni);
}
absl::string_view uaid_value;
- if (validity_check_on_full_chlo_ &&
- chlo.GetStringPiece(quic::kUAID, &uaid_value)) {
+ if (chlo.GetStringPiece(quic::kUAID, &uaid_value)) {
uaid_ = std::string(uaid_value);
}
if (version == LegacyVersionForEncapsulation().transport_version) {
@@ -228,16 +227,11 @@
return std::move(legacy_version_encapsulation_inner_packet_);
}
- void set_validity_check_on_full_chlo(bool value) {
- validity_check_on_full_chlo_ = value;
- }
-
private:
std::string alpn_;
std::string sni_;
std::string uaid_;
std::string legacy_version_encapsulation_inner_packet_;
- bool validity_check_on_full_chlo_ = false;
};
bool MaybeHandleLegacyVersionEncapsulation(
@@ -672,9 +666,7 @@
}
// Client Hello fully received.
- if (packet_info->validity_check_on_full_chlo) {
- fate = ValidityChecksOnFullChlo(*packet_info, sni, uaid, alpns);
- }
+ fate = ValidityChecksOnFullChlo(*packet_info, sni, uaid, alpns);
if (fate == kFateProcess) {
QUICHE_DCHECK(legacy_version_encapsulation_inner_packet.empty() ||
@@ -764,9 +756,6 @@
}
ChloAlpnSniExtractor alpn_extractor;
- alpn_extractor.set_validity_check_on_full_chlo(
- packet_info.validity_check_on_full_chlo);
-
if (GetQuicFlag(FLAGS_quic_allow_chlo_buffering) &&
!ChloExtractor::Extract(packet_info.packet, packet_info.version,
config_->create_session_tag_indicators(),
diff --git a/quic/core/quic_flags_list.h b/quic/core/quic_flags_list.h
index c4fc7e6..210b516 100644
--- a/quic/core/quic_flags_list.h
+++ b/quic/core/quic_flags_list.h
@@ -121,8 +121,6 @@
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_conservative_cwnd_and_pacing_gains, false)
// If true, validate that peer owns the new address once the server detects peer migration or is probed from that address, and also apply anti-amplification limit while sending to that address.
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_server_reverse_validate_new_path3, true)
-// If ture, TLS QUIC will add a validity check after full CHLO is extracted, connections failing the check will be rejected. Also, the existing check for QUIC crypto is moved to ValidityChecksOnFullChlo.
-QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_tls_validity_check_on_full_chlo, true)
// If ture, replace the incoming_connection_ids check with original_destination_connection_id check.
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_deprecate_incoming_connection_ids, true)
// When the STMP connection option is sent by the client, timestamps in the QUIC ACK frame are sent and processed.
diff --git a/quic/core/quic_packets.cc b/quic/core/quic_packets.cc
index 9849932..d625b5d 100644
--- a/quic/core/quic_packets.cc
+++ b/quic/core/quic_packets.cc
@@ -567,9 +567,7 @@
version_label(0),
version(ParsedQuicVersion::Unsupported()),
destination_connection_id(EmptyQuicConnectionId()),
- source_connection_id(EmptyQuicConnectionId()),
- validity_check_on_full_chlo(
- GetQuicReloadableFlag(quic_tls_validity_check_on_full_chlo)) {}
+ source_connection_id(EmptyQuicConnectionId()) {}
ReceivedPacketInfo::~ReceivedPacketInfo() {}
diff --git a/quic/core/quic_packets.h b/quic/core/quic_packets.h
index 47d9b72..a3fc59d 100644
--- a/quic/core/quic_packets.h
+++ b/quic/core/quic_packets.h
@@ -455,8 +455,6 @@
ParsedQuicVersion version;
QuicConnectionId destination_connection_id;
QuicConnectionId source_connection_id;
- // Latched --quic_tls_validity_check_on_full_chlo.
- const bool validity_check_on_full_chlo;
};
} // namespace quic