)]}'
{
  "commit": "fd32089f476f682c153376234dfc2be5251dd942",
  "tree": "84a47bee88b5988150387f0a9cb0548b4b015d94",
  "parents": [
    "75148d7abf12bdd1797fec3c5da9a21963703516"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Tue Nov 19 14:00:36 2019 +0800"
  },
  "committer": {
    "name": "CQ bot account: commit-bot@chromium.org",
    "email": "commit-bot@chromium.org",
    "time": "Wed Nov 27 14:15:33 2019 +0000"
  },
  "message": "Defer releasing early secrets to QUIC servers.\n\nWe want the QUIC/TLS interface to never release a read key without the\ncorresponding write key for ACKs. This is mostly done by shipping both keys\nsimultaneously, but 0-RTT is weird because it is ACKed by 1-RTT.\n\nNote this means we actually release 0-RTT keys to the server *after* the 1-RTT\nkeys. This is kinda weird but more directly maintains our invariant.\n\n(We may want to revisit the key configuring API in light of\nhttps://github.com/quicwg/base-drafts/issues/3159 and\nhttps://github.com/quicwg/base-drafts/issues/3173, but start with this more\nlocal tweak.)\n\nBug: 303\nChange-Id: I317fe6ae8150533738373c219f19d3034bb040ad\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/38884\nCommit-Queue: Steven Valdez \u003csvaldez@google.com\u003e\nReviewed-by: Nick Harper \u003cnharper@google.com\u003e\nReviewed-by: Steven Valdez \u003csvaldez@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "8fbf698e28757c5f6d52fde7bb431b000b95d680",
      "old_mode": 33188,
      "old_path": "ssl/ssl_test.cc",
      "new_id": "6211c5623f0f02fa74e0990ff957ea9e677dfd7a",
      "new_mode": 33188,
      "new_path": "ssl/ssl_test.cc"
    },
    {
      "type": "modify",
      "old_id": "d8115f53cc5ea231ade073acd366cbec5edd5361",
      "old_mode": 33188,
      "old_path": "ssl/tls13_server.cc",
      "new_id": "c74d8346a3a70768188b250182e06ec895a0cb77",
      "new_mode": 33188,
      "new_path": "ssl/tls13_server.cc"
    }
  ]
}