OpenSSL/NSS implementation of ProofVerfifier.

net/quic/crypto/crypto_handshake.cc

Index: net/quic/crypto/crypto_handshake.cc
diff --git a/net/quic/crypto/crypto_handshake.cc b/net/quic/crypto/crypto_handshake.cc
index be296be7db660eea0050c5797d728ef6e00bf7d0..66a83de4cf4c306a5dedea996df77fa9c575220f 100644
--- a/net/quic/crypto/crypto_handshake.cc
+++ b/net/quic/crypto/crypto_handshake.cc
@@ -357,7 +357,8 @@ QuicCryptoClientConfig::~QuicCryptoClientConfig() {
 }
 
 QuicCryptoClientConfig::CachedState::CachedState()
-    : server_config_valid_(false) {}
+    : server_config_valid_(false),
+      generation_counter_(0) {}
 
 QuicCryptoClientConfig::CachedState::~CachedState() {}
 
@@ -430,6 +431,7 @@ QuicErrorCode QuicCryptoClientConfig::CachedState::SetServerConfig(
   if (!matches_existing) {
     server_config_ = server_config.as_string();
     server_config_valid_ = false;
+    ++generation_counter_;
     scfg_.reset(new_scfg_storage.release());
   }
   return QUIC_NO_ERROR;
@@ -439,6 +441,7 @@ void QuicCryptoClientConfig::CachedState::InvalidateServerConfig() {
   server_config_.clear();
   scfg_.reset();
   server_config_valid_ = false;
+  ++generation_counter_;
 }
 
 void QuicCryptoClientConfig::CachedState::SetProof(const vector<string>& certs,
@@ -461,6 +464,7 @@ void QuicCryptoClientConfig::CachedState::SetProof(const vector<string>& certs,
 
   // If the proof has changed then it needs to be revalidated.
   server_config_valid_ = false;
+  ++generation_counter_;

[wtc, 2013/07/03 00:20:26]

It may be a good idea to create a function, say SetProofInvalid,
for these two lines (lines 466-467), so that server_config_valid_
and generation_counter_ are kept in sync.

[ramant (doing other things), 2013/07/03 05:46:34]

Done.

   certs_ = certs;
   server_config_sig_ = signature.as_string();
 }
@@ -490,6 +494,10 @@ bool QuicCryptoClientConfig::CachedState::proof_valid() const {
   return server_config_valid_;
 }
 
+uint64 QuicCryptoClientConfig::CachedState::generation_counter() const {
+  return generation_counter_;
+}
+
 void QuicCryptoClientConfig::CachedState::set_source_address_token(
     StringPiece token) {
   source_address_token_ = token.as_string();
@@ -836,7 +844,7 @@ QuicErrorCode QuicCryptoClientConfig::ProcessServerHello(
   return QUIC_NO_ERROR;
 }
 
-const ProofVerifier* QuicCryptoClientConfig::proof_verifier() const {
+ProofVerifier* QuicCryptoClientConfig::proof_verifier() const {
   return proof_verifier_.get();
 }