)]}' { "commit": "ee0716f386190d2bfb105a0db7400df4915773a1", "tree": "ffccc007b6d0ad10a4092d0c27bb19644d554dc2", "parents": [ "fd32089f476f682c153376234dfc2be5251dd942" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Nov 19 14:16:28 2019 +0800" }, "committer": { "name": "CQ bot account: commit-bot@chromium.org", "email": "commit-bot@chromium.org", "time": "Wed Nov 27 15:49:42 2019 +0000" }, "message": "Defer early keys to QUIC clients to after certificate reverification.\n\nOn a client using SSL_CTX_set_reverify_on_resume, we currently release\nthe early data keys before reverification rather than afterwards. This\nmeans the QUIC implementation needs to watch for SSL_do_handshake\u0027s\nreturn value before using the keys we\u0027ve released. It is better to be\nrobust, so defer releasing the keys in the first place.\n\nTo avoid oddities around TCP and QUIC differences, tweak the 0-RTT cert\nreverification to not send an alert on error. Sending such an alert\nunder early data is somewhat questionable given the server may not be\nable to read it anyway.\n\nBug: 303\nChange-Id: I42c16f9f046322d0b03cb0b425e11471f2fbe52a\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/38885\nReviewed-by: Nick Harper \u003cnharper@google.com\u003e\nReviewed-by: Steven Valdez \u003csvaldez@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "707c6d24222ca0f8d47832bf978f6590d581e00c", "old_mode": 33188, "old_path": "ssl/handshake.cc", "new_id": "33efc81df6a8798df889778407acac7ae3b436b3", "new_mode": 33188, "new_path": "ssl/handshake.cc" }, { "type": "modify", "old_id": "23f48c14d02d4e5c26c1b125a0635d5c1ec29107", "old_mode": 33188, "old_path": "ssl/handshake_client.cc", "new_id": "4041fe9911acffd6bdec2e61b1d783fb4a370dd9", "new_mode": 33188, "new_path": "ssl/handshake_client.cc" }, { "type": "modify", "old_id": "5f81b2212351fa1c28c71ab144f75905378bc6cd", "old_mode": 33188, "old_path": "ssl/internal.h", "new_id": "dca1b9524470659a0386bdb63d7779ff5bb48af9", "new_mode": 33188, "new_path": "ssl/internal.h" }, { "type": "modify", "old_id": "6211c5623f0f02fa74e0990ff957ea9e677dfd7a", "old_mode": 33188, "old_path": "ssl/ssl_test.cc", "new_id": "41d6bc2d138411b11cf85d119ec76553d4cf621f", "new_mode": 33188, "new_path": "ssl/ssl_test.cc" }, { "type": "modify", "old_id": "fa3f3a6e981d78df723b7e3a7d244685b3740aa6", "old_mode": 33188, "old_path": "ssl/tls13_client.cc", "new_id": "8bb3339a28c3483b48791e1fe1cb1a78f6619159", "new_mode": 33188, "new_path": "ssl/tls13_client.cc" } ] }