envoyproxy / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0
24.25k stars 4.68k forks

quic: do not hard code "h3" ALPN in EnvoyQuicProofSource #18935

Open danzh2010 opened 2 years ago

danzh2010 commented 2 years ago

QUICHE interfaces in quic::ProofSource don't pass around the ALPN negotiated by BoringSSL, but Envoy filter chain retrieval uses ALPN as part of the query. Right now, we hard-code h3 as the ALPN when we construct a ConnectionSocket for the server session, but we should make the negotiated ALPN available from QUICHE, and use it in Envoy glue code.

RyanTheOptimist commented 2 years ago

I'm not surprised that quic::ProofSource doesn't have the ALPN, but I'm slightly surprised that it might need it. Can you say more about why we need ALPN from ProofSource as opposed to from, say, quic::QuicSession?

danzh2010 commented 2 years ago

EnvoyQuicProofSource does filter chain retrieval in order to get certs or private key to sign. And the FilterChainManager needs ALPN as part of the query. We might not have to expose ALPN directly in ProofSource, but something that can expose ALPN, i.e. QuicSession or a context object.

github-actions[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

github-actions[bot] commented 2 years ago

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.

danzh2010 commented 2 years ago

need a non-stale label