Remove insecure QUIC support from Chromium.

Review URL: https://codereview.chromium.org/1393713003

Cr-Commit-Position: refs/heads/master@{#355214}

4 files changed, 7 insertions, 13 deletions

diff --git a/net/http/http_network_session.cc b/net/http/http_network_session.cc
index 777d721..e126a64 100644
--- a/net/http/http_network_session.cc
+++ b/net/http/http_network_session.cc
@@ -94,7 +94,6 @@ HttpNetworkSession::Params::Params()
       use_alternative_services(false),
       alternative_service_probability_threshold(1),
       enable_quic(false),
-      enable_insecure_quic(false),
       enable_quic_for_proxies(false),
       enable_quic_port_selection(true),
       quic_always_require_handshake_confirmation(false),
diff --git a/net/http/http_network_session.h b/net/http/http_network_session.h
index 75aea10..5353c47 100644
--- a/net/http/http_network_session.h
+++ b/net/http/http_network_session.h
@@ -113,8 +113,6 @@ class NET_EXPORT HttpNetworkSession
 
     // Enables QUIC support.
     bool enable_quic;
-    // Enables insecure QUIC (http:// URLs) support, if enable_quic is true.
-    bool enable_insecure_quic;
     // Enables QUIC for proxies.
     bool enable_quic_for_proxies;
     // Instruct QUIC to use consistent ephemeral ports when talking to
diff --git a/net/http/http_stream_factory_impl.cc b/net/http/http_stream_factory_impl.cc
index 2a8664e..4d32ffc 100644
--- a/net/http/http_stream_factory_impl.cc
+++ b/net/http/http_stream_factory_impl.cc
@@ -211,8 +211,7 @@ AlternativeServiceVector HttpStreamFactoryImpl::GetAlternativeServicesFor(
     if (session_->quic_stream_factory()->IsQuicDisabled(origin.port()))
       continue;
 
-    if (!session_->params().enable_insecure_quic &&
-        !original_url.SchemeIs("https")) {
+    if (!original_url.SchemeIs("https")) {
       continue;
     }
 
diff --git a/net/http/http_stream_factory_impl_job.cc b/net/http/http_stream_factory_impl_job.cc
index 27c02cd..33476a0 100644
--- a/net/http/http_stream_factory_impl_job.cc
+++ b/net/http/http_stream_factory_impl_job.cc
@@ -775,7 +775,7 @@ int HttpStreamFactoryImpl::Job::DoResolveProxyComplete(int result) {
 bool HttpStreamFactoryImpl::Job::ShouldForceQuic() const {
   return session_->params().enable_quic &&
          session_->params().origin_to_force_quic_on.Equals(server_) &&
-         proxy_info_.is_direct();
+         proxy_info_.is_direct() && origin_url_.SchemeIs("https");
 }
 
 int HttpStreamFactoryImpl::Job::DoWaitForJob() {
@@ -834,31 +834,29 @@ int HttpStreamFactoryImpl::Job::DoInitConnection() {
     }
     HostPortPair destination;
     std::string origin_host;
-    bool secure_quic;
     SSLConfig* ssl_config;
     if (proxy_info_.is_quic()) {
       // A proxy's certificate is expected to be valid for the proxy hostname.
       destination = proxy_info_.proxy_server().host_port_pair();
       origin_host = destination.host();
-      secure_quic = true;
       ssl_config = &proxy_ssl_config_;
 
       // If QUIC is disabled on the destination port, return error.
       if (session_->quic_stream_factory()->IsQuicDisabled(destination.port()))
         return ERR_QUIC_PROTOCOL_ERROR;
     } else {
+      DCHECK(using_ssl_);
       // The certificate of a QUIC alternative server is expected to be valid
       // for the origin of the request (in addition to being valid for the
       // server itself).
       destination = server_;
       origin_host = origin_url_.host();
-      secure_quic = using_ssl_;
       ssl_config = &server_ssl_config_;
     }
-    int rv = quic_request_.Request(
-        destination, secure_quic, request_info_.privacy_mode,
-        ssl_config->GetCertVerifyFlags(), origin_host, request_info_.method,
-        net_log_, io_callback_);
+    int rv =
+        quic_request_.Request(destination, request_info_.privacy_mode,
+                              ssl_config->GetCertVerifyFlags(), origin_host,
+                              request_info_.method, net_log_, io_callback_);
     if (rv == OK) {
       using_existing_quic_session_ = true;
     } else {