)]}'
{
  "commit": "58e533017762cf744e2144fbb0d199020cac23c2",
  "tree": "5c46ef08688f9f98c35a13125503a836473c699b",
  "parents": [
    "40dd94116ba03678226443ba20c5887459c9bf16"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Tue Sep 24 18:28:50 2024 -0400"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Fri Sep 27 21:21:11 2024 +0000"
  },
  "message": "Do not implement SSL_get_traffic_secrets for QUIC and DTLS\n\nThis is implemented by looking at the saved current read and write\nsecrets. That state is used by KeyUpdate and this logic.\n\nAs part of tidying up the epoch state for DTLS 1.3, I ran into that\nstate because DTLS does not have a single current read/write secret. But\nit also isn\u0027t ideal for QUIC. For QUIC, the problem is that QUIC drives\nKeyUpdates outside of TLS, but that means we\u0027ll just hold on to the\ninitial traffic secrets in memory, which can derive all the rotated\nones.\n\nSo let\u0027s for now, just limit this API to TLS. We can decide later\nwhether to also allow it for DTLS (after very carefully defining what\nthe \"current\" epoch means). I don\u0027t think we\u0027d ever allow it for QUIC\ngiven how QUIC is intended to work.\n\n(This change doesn\u0027t actually fix any of the internal storage, just\nbreaks the API that would leak it. Changing the internal storage will be\nin later CLs.)\n\nBug: 42290608\nChange-Id: I5d4b170a5a80a7cc0657a957ae20135d742891d2\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/71647\nReviewed-by: Bob Beck \u003cbbe@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "f76e0a1b5e18bc97d8656303a66c9cf6176220d4",
      "old_mode": 33188,
      "old_path": "include/openssl/ssl.h",
      "new_id": "a5c5ab0b50e6f6c64bc376497190dc177dadd23f",
      "new_mode": 33188,
      "new_path": "include/openssl/ssl.h"
    },
    {
      "type": "modify",
      "old_id": "2a80a0579c9032fdbe596592164abf67a46719b6",
      "old_mode": 33188,
      "old_path": "ssl/ssl_lib.cc",
      "new_id": "071709f50fb0552fb65ec67d8dc8313baf6f1e1c",
      "new_mode": 33188,
      "new_path": "ssl/ssl_lib.cc"
    },
    {
      "type": "modify",
      "old_id": "46d5af943a48cb08360900b8aaf1e04ec964727c",
      "old_mode": 33188,
      "old_path": "ssl/ssl_test.cc",
      "new_id": "34dd5edeb27c589f80addb253ef6b03ad273bdc5",
      "new_mode": 33188,
      "new_path": "ssl/ssl_test.cc"
    }
  ]
}