)]}'
{
  "commit": "0e7dbd579b5fbb72a5175ad865844a03f74489c4",
  "tree": "de5c5e4ad3a402056321e245a142623b5dd45389",
  "parents": [
    "f10ea55e9139d444d277cd03da519a2076e975dc"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Wed May 15 16:01:18 2019 -0400"
  },
  "committer": {
    "name": "CQ bot account: commit-bot@chromium.org",
    "email": "commit-bot@chromium.org",
    "time": "Thu Oct 03 21:12:43 2019 +0000"
  },
  "message": "Add an option for explicit renegotiations.\n\nChromium\u0027s renegotiation handling currently relies on reads being the only\nthing that can discover a renegotiation. However, for a number of reasons, we\nwould like to eagerly drive the read loop after a handshake:\n\n- 0-RTT + HTTP/1.1 will otherwise not pick up ServerHellos until after we send\n  a request. In particular, if we preconnect a 0-RTT socket sufficiently in\n  advance, such that the ServerHello comes in by the time we use it, we should\n  send 1-RTT data rather than 0-RTT.\n\n- In TLS 1.2 False Start, if HTTP/1.1 or preconnect, we will not pick up the\n  server Finished and NewSessionTicket until later. This way we pick it up\n  sooner.\n\n- If the server does not implement\n  https://boringssl-review.googlesource.com/c/boringssl/+/34948, this plugs the\n  theoretical deadlock on the client end. The False Start and 0-RTT scenarios\n  above also have theoretical deadlocks and cannot be mitigated on the server.\n\n- TLS 1.3 client certificate alerts interact badly with TCP reset. Eagerly\n  reading from the socket makes it behave slightly better, though it\u0027s still\n  not reliable unless the server defers closing the socket.\n\nSo we can SSL_peek without triggering a renegotiation, add an\nssl_renegotiate_explicit mode to defer processing the renegotiation.\n\nBug: chromium:950706, chromium:958638\nChange-Id: I78242d93d651b7a32a5c4c24ea9032ef63a027cf\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/37944\nCommit-Queue: Adam Langley \u003cagl@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "6810a647939cddadca687177b7596bd439d4fbd2",
      "old_mode": 33188,
      "old_path": "include/openssl/ssl.h",
      "new_id": "8cd03be8fa69c330f472c2ad51c1b9ab1867e499",
      "new_mode": 33188,
      "new_path": "include/openssl/ssl.h"
    },
    {
      "type": "modify",
      "old_id": "ec3594c2e2743bec45e9da2cba0b9ebd9ec793b7",
      "old_mode": 33188,
      "old_path": "ssl/internal.h",
      "new_id": "c63558336cb0f5dc00b29fd98dc88f1e5a9077f3",
      "new_mode": 33188,
      "new_path": "ssl/internal.h"
    },
    {
      "type": "modify",
      "old_id": "41dd5889d392c8280b440dec819bf3d321ad2d30",
      "old_mode": 33188,
      "old_path": "ssl/s3_lib.cc",
      "new_id": "d7f8a85448784019eac24be427efefe13c8766f8",
      "new_mode": 33188,
      "new_path": "ssl/s3_lib.cc"
    },
    {
      "type": "modify",
      "old_id": "11863129b0b9500bd3ca473feae568dabc3a451a",
      "old_mode": 33188,
      "old_path": "ssl/ssl_lib.cc",
      "new_id": "3deac7df66b728f5b81461ba4f7a170f19069128",
      "new_mode": 33188,
      "new_path": "ssl/ssl_lib.cc"
    },
    {
      "type": "modify",
      "old_id": "2df005a219374f79f392a13a0571429de82f2496",
      "old_mode": 33188,
      "old_path": "ssl/ssl_test.cc",
      "new_id": "e70276278962b51b935ff73f4c0d1909bd808c98",
      "new_mode": 33188,
      "new_path": "ssl/ssl_test.cc"
    },
    {
      "type": "modify",
      "old_id": "261f6c6065c6881c44cc11f7f25fa3e46cd65c44",
      "old_mode": 33188,
      "old_path": "ssl/test/bssl_shim.cc",
      "new_id": "9bd389bd2b05214255bfd3bea53223142c6c7135",
      "new_mode": 33188,
      "new_path": "ssl/test/bssl_shim.cc"
    },
    {
      "type": "modify",
      "old_id": "4b1dcc8458d23936559155077966bb34fb734f6c",
      "old_mode": 33188,
      "old_path": "ssl/test/handshake_util.cc",
      "new_id": "fe96751cd0dd1dbe40450c1844b94c27c2bfbaae",
      "new_mode": 33188,
      "new_path": "ssl/test/handshake_util.cc"
    },
    {
      "type": "modify",
      "old_id": "5a4b0cc980c85e97231fecf2202933dacce2e356",
      "old_mode": 33188,
      "old_path": "ssl/test/runner/runner.go",
      "new_id": "758566a9ca490c3ed6fb23bf7f2b6f4721ee5c13",
      "new_mode": 33188,
      "new_path": "ssl/test/runner/runner.go"
    },
    {
      "type": "modify",
      "old_id": "bd32ce9d9d8457db86d6a551498b81fb055b100b",
      "old_mode": 33188,
      "old_path": "ssl/test/test_config.cc",
      "new_id": "8d8a068663ed8a3c81b1cff3436257402d4c67ef",
      "new_mode": 33188,
      "new_path": "ssl/test/test_config.cc"
    },
    {
      "type": "modify",
      "old_id": "ce4b41649cf01777662cd0c72ae44745dee92810",
      "old_mode": 33188,
      "old_path": "ssl/test/test_config.h",
      "new_id": "8c25ed207b2e6d05d6bce70da9e6000cdbfaddd5",
      "new_mode": 33188,
      "new_path": "ssl/test/test_config.h"
    },
    {
      "type": "modify",
      "old_id": "2364286f214959d36f4262ccc6e1626dff2dcf08",
      "old_mode": 33188,
      "old_path": "ssl/test/test_state.h",
      "new_id": "2aa9e30c998986efb67803545dbe7deef8453ac8",
      "new_mode": 33188,
      "new_path": "ssl/test/test_state.h"
    }
  ]
}