Land Recent QUIC Changes.

Removing QUIC version 22.

This includes removing the (deprecated) congestion feedback frame, and
all of the ancillary data which is safe to remove. The one unfortunate
oversight is that sending the (now unused) congestion feedback
configuration option is still required, so that is moved to optional but
must be sent until all versions expecting it have been sunset. Bleh.
Merge internal change: 83969804
https://codereview.chromium.org/859163002/

Deprecate FLAGS_quic_disallow_multiple_pending_ack_frames.
Merge internal change: 83791744
https://codereview.chromium.org/864633002/

Deprecate FLAGS_quic_empty_data_no_fin_early_return.
Merge internal change: 83788904
https://codereview.chromium.org/863843002/

Limit the number of connections on the QUIC time wait list

Currently, the only way in which we limit the time-wait list is to
prevent any connection from staying on the list for more than a
configured number of seconds (currently 5). In theory, if we got
spammed with enough connection open/close in a 5 second period, the
list could get unreasonably long.

Added a flag for hard-limiting the actual length of the list.

Add hard-limit to QUIC time-wait list length. Protected
by FLAGS_quic_limit_time_wait_liste_size.
Merge internal change: 83769362
https://codereview.chromium.org/862793002/

Going through quic_flags.cc I noticed a stale flag which was never
ENABLED, but has been true via flags since flags push in July.
Given that this flag is only relevant in the frontline internal servers,
and it's been true there for months thanks to avd@ getting the
reloadable flags working, I'm claiming we can skip the normal process
and just kill it off as if it had been true in the binary.
Speak now or forever hold your peace!

Removing DEFINED flag FLAGS_send_quic_crypto_reject_reason

Merge internal change: 83752616
https://codereview.chromium.org/851403002/

quic_client_bin.cc now supports secure QUIC, and will try and use secure
QUIC if --port=443
Merge internal change: 83647038
https://codereview.chromium.org/807023009/

Tiny cleanup of QuicPacketGenerator::ConsumeData to simplify an expression.
Merge internal change: 83647200
https://codereview.chromium.org/855163002/

Correctly plumb QUIC priorities down to the SPDY framing on the headers
stream.
Merge internal change: 84162114
https://codereview.chromium.org/818543006/
Review URL: https://codereview.chromium.org/864673002
Cr-Commit-Position: refs/heads/master@{#312370}
diff --git a/net/tools/quic/quic_client_bin.cc b/net/tools/quic/quic_client_bin.cc
index dcebd39a9..3800944 100644
--- a/net/tools/quic/quic_client_bin.cc
+++ b/net/tools/quic/quic_client_bin.cc
@@ -48,6 +48,9 @@
#include "base/strings/string_util.h"
#include "net/base/ip_endpoint.h"
#include "net/base/privacy_mode.h"
+#include "net/cert/cert_verifier.h"
+#include "net/http/transport_security_state.h"
+#include "net/quic/crypto/proof_verifier_chromium.h"
#include "net/quic/quic_protocol.h"
#include "net/quic/quic_server_id.h"
#include "net/quic/quic_utils.h"
@@ -57,6 +60,9 @@
#include "url/gurl.h"
using base::StringPiece;
+using net::CertVerifier;
+using net::ProofVerifierChromium;
+using net::TransportSecurityState;
using std::cout;
using std::cerr;
using std::map;
@@ -171,8 +177,9 @@
VLOG(1) << "Resolved " << host << " to " << host_port << endl;
// Build the client, and try to connect.
+ bool is_https = (FLAGS_port == 443);
net::EpollServer epoll_server;
- net::QuicServerId server_id(host, FLAGS_port, /*is_https=*/false,
+ net::QuicServerId server_id(host, FLAGS_port, is_https,
net::PRIVACY_MODE_DISABLED);
net::QuicVersionVector versions = net::QuicSupportedVersions();
if (FLAGS_quic_version != -1) {
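Review bot: `bool is_https = (FLAGS_port == 443);` ties certificate verification to the port number, so a run against a secure QUIC server on any other port builds the QuicServerId with is_https false and, given the later `if (is_https)` block, never installs a proof verifier. Consider an explicit command-line flag for secure mode (defaulting from the port if that convenience is wanted) and mention the behaviour in the tool's usage text, so the choice between verified and unverified connections is visible to whoever runs the client.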
@@ -181,6 +188,16 @@
}
net::tools::QuicClient client(net::IPEndPoint(ip_addr, FLAGS_port), server_id,
versions, &epoll_server);
+ scoped_ptr<CertVerifier> cert_verifier;
+ scoped_ptr<TransportSecurityState> transport_security_state;
+ if (is_https) {
+ // For secure QUIC we need to verify the cert chain.a
+ cert_verifier.reset(CertVerifier::CreateDefault());
+ transport_security_state.reset(new TransportSecurityState);
+ // TODO(rtenneti): Fix "Proof invalid: Missing context" error.
+ client.SetProofVerifier(new ProofVerifierChromium(
+ cert_verifier.get(), transport_security_state.get()));
+ }
if (!client.Initialize()) {
cerr << "Failed to initialize client." << endl;
return 1;
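Review bot: cert_verifier and transport_security_state are declared after client, so they are destroyed before it, while the ProofVerifierChromium passed to client.SetProofVerifier() still holds the raw pointers obtained from .get(); declaring both scoped_ptrs above the QuicClient would make them outlive the verifier that references them. Two smaller points in the same block: the comment "verify the cert chain.a" has a stray "a", and the TODO about "Proof invalid: Missing context" suggests the secure path does not yet complete verification, which is worth stating in the commit description or surfacing as a clear error when --port=443 is used.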