Diffstat (limited to 'net/quic/crypto')
-rw-r--r--net/quic/crypto/crypto_handshake.cc14
-rw-r--r--net/quic/crypto/crypto_handshake.h12
-rw-r--r--net/quic/crypto/proof_test.cc8
-rw-r--r--net/quic/crypto/proof_verifier_chromium.cc8
-rw-r--r--net/quic/crypto/proof_verifier_chromium.h10
5 files changed, 23 insertions, 29 deletions
diff --git a/net/quic/crypto/crypto_handshake.cc b/net/quic/crypto/crypto_handshake.cc
index 66a83de..abac98a 100644
--- a/net/quic/crypto/crypto_handshake.cc
+++ b/net/quic/crypto/crypto_handshake.cc
@@ -430,8 +430,7 @@ QuicErrorCode QuicCryptoClientConfig::CachedState::SetServerConfig(
if (!matches_existing) {
server_config_ = server_config.as_string();
- server_config_valid_ = false;
- ++generation_counter_;
+ SetProofInvalid();
scfg_.reset(new_scfg_storage.release());
}
return QUIC_NO_ERROR;
@@ -440,8 +439,7 @@ QuicErrorCode QuicCryptoClientConfig::CachedState::SetServerConfig(
void QuicCryptoClientConfig::CachedState::InvalidateServerConfig() {
server_config_.clear();
scfg_.reset();
- server_config_valid_ = false;
- ++generation_counter_;
+ SetProofInvalid();
}
void QuicCryptoClientConfig::CachedState::SetProof(const vector<string>& certs,
@@ -463,8 +461,7 @@ void QuicCryptoClientConfig::CachedState::SetProof(const vector<string>& certs,
}
// If the proof has changed then it needs to be revalidated.
- server_config_valid_ = false;
- ++generation_counter_;
+ SetProofInvalid();
certs_ = certs;
server_config_sig_ = signature.as_string();
}
@@ -473,6 +470,11 @@ void QuicCryptoClientConfig::CachedState::SetProofValid() {
server_config_valid_ = true;
}
+void QuicCryptoClientConfig::CachedState::SetProofInvalid() {
+ server_config_valid_ = false;
+ ++generation_counter_;
+}
+
const string& QuicCryptoClientConfig::CachedState::server_config() const {
return server_config_;
}
diff --git a/net/quic/crypto/crypto_handshake.h b/net/quic/crypto/crypto_handshake.h
index e702bb6..89e707b 100644
--- a/net/quic/crypto/crypto_handshake.h
+++ b/net/quic/crypto/crypto_handshake.h
@@ -268,6 +268,11 @@ class NET_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig {
// (Note: this does not check the chain or signature.)
void SetProofValid();
+ // If the server config or the proof has changed then it needs to be
+ // revalidated. Helper function to keep server_config_valid_ and
+ // generation_counter_ in sync.
+ void SetProofInvalid();
+
const std::string& server_config() const;
const std::string& source_address_token() const;
const std::vector<std::string>& certs() const;
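Review bot: SetProofInvalid() is declared right after SetProofValid() among the public accessors, yet its own comment calls it a helper whose job is to keep server_config_valid_ and generation_counter_ in sync; exposing it publicly lets any caller bump generation_counter_ outside the three mutators (SetServerConfig, InvalidateServerConfig, SetProof) that the .cc hunks route through it. If no external code needs it, move the declaration into the class's private section so the counter's invariant stays under CachedState's control. The access specifier in force at this point is outside the hunk, so this is inferred from the neighbouring declarations; the class continues outside the hunk.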
@@ -287,9 +292,10 @@ class NET_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig {
bool server_config_valid_; // True if |server_config_| is correctly
// signed and |certs_| has been
// validated.
- uint64 generation_counter_; // Generation counter associated with
- // the |server_config_|, |certs_| and
- // |server_config_sig_| combination.
+ // Generation counter associated with the |server_config_|, |certs_| and
+ // |server_config_sig_| combination. It is incremented whenever we set
+ // server_config_valid_ to false.
+ uint64 generation_counter_;
// scfg contains the cached, parsed value of |server_config|.
mutable scoped_ptr<CryptoHandshakeMessage> scfg_;
diff --git a/net/quic/crypto/proof_test.cc b/net/quic/crypto/proof_test.cc
index b30c9aa..7b38546 100644
--- a/net/quic/crypto/proof_test.cc
+++ b/net/quic/crypto/proof_test.cc
@@ -13,10 +13,6 @@
#include "net/test/cert_test_util.h"
#include "testing/gtest/include/gtest/gtest.h"
-#if defined(OS_WIN)
-#include "base/win/windows_version.h"
-#endif
-
using std::string;
using std::vector;
@@ -264,7 +260,9 @@ TEST(Proof, VerifyRSAKnownAnswerTest) {
// A known answer test that allows us to test ProofVerifier without a working
// ProofSource.
-// TODO(rtenneti): Enable VerifyECDSAKnownAnswerTest on win_rel and XP.
+// TODO(rtenneti): Enable VerifyECDSAKnownAnswerTest on Windows. Disabled this
+// test because X509Certificate::GetPublicKeyInfo is not returning the correct
+// type for ECDSA certificates.
#if defined(OS_WIN)
#define MAYBE_VerifyECDSAKnownAnswerTest DISABLED_VerifyECDSAKnownAnswerTest
#else
diff --git a/net/quic/crypto/proof_verifier_chromium.cc b/net/quic/crypto/proof_verifier_chromium.cc
index 7a764b6..0c0b71f 100644
--- a/net/quic/crypto/proof_verifier_chromium.cc
+++ b/net/quic/crypto/proof_verifier_chromium.cc
@@ -40,10 +40,6 @@ ProofVerifierChromium::ProofVerifierChromium(CertVerifier* cert_verifier,
ProofVerifierChromium::~ProofVerifierChromium() {
verifier_.reset();
-
- // Reset object state.
- callback_.Reset();
- cert_verify_result_.Reset();
}
int ProofVerifierChromium::VerifyProof(const string& hostname,
@@ -75,8 +71,6 @@ int ProofVerifierChromium::VerifyProof(const string& hostname,
}
cert_ = X509Certificate::CreateFromDERCertChain(cert_pieces);
if (!cert_.get()) {
- cert_verify_result_.Reset();
- cert_verify_result_.cert_status = CERT_STATUS_INVALID;
*error_details = "Failed to create certificate chain";
DLOG(WARNING) << *error_details;
return ERR_FAILED;
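Review bot: With the two removed lines, the `!cert_.get()` failure path no longer resets `cert_verify_result_` or marks it `CERT_STATUS_INVALID`, so whatever that member held before the call is what a caller would observe after the `ERR_FAILED` return. This is harmless only if nothing reads `cert_verify_result_` on this path and the object is never reused for a second VerifyProof; the header's TODO says multiple requests per verifier are unsupported, which suggests the author relies on that. If reuse is possible, keep `cert_verify_result_.Reset();` here, or reset it once at the top of VerifyProof, which begins above this hunk.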
@@ -149,7 +143,7 @@ int ProofVerifierChromium::DoVerifyCertComplete(int result) {
if (result <= ERR_FAILED) {
*error_details_ = StringPrintf("Failed to verify certificate chain: %s",
- ErrorToString(result));
+ ErrorToString(result));
DLOG(WARNING) << *error_details_;
result = ERR_FAILED;
}
diff --git a/net/quic/crypto/proof_verifier_chromium.h b/net/quic/crypto/proof_verifier_chromium.h
index 2466507..f27cc41 100644
--- a/net/quic/crypto/proof_verifier_chromium.h
+++ b/net/quic/crypto/proof_verifier_chromium.h
@@ -20,18 +20,15 @@
namespace net {
-class BoundNetLog;
class CertVerifier;
-class CertVerifyResult;
class SingleRequestCertVerifier;
-class X509Certificate;
// ProofVerifierChromium implements the QUIC ProofVerifier interface.
// TODO(rtenneti): Add support for multiple requests for one ProofVerifier.
class NET_EXPORT_PRIVATE ProofVerifierChromium : public ProofVerifier {
public:
- explicit ProofVerifierChromium(CertVerifier* cert_verifier,
- const BoundNetLog& net_log);
+ ProofVerifierChromium(CertVerifier* cert_verifier,
+ const BoundNetLog& net_log);
virtual ~ProofVerifierChromium();
// ProofVerifier interface
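Review bot: The forward declarations of BoundNetLog and X509Certificate are removed while both names are still used in this header (the constructor parameter on the new line `const BoundNetLog& net_log` and, in the second hunk, `scoped_refptr<X509Certificate> cert_;` and `BoundNetLog net_log_;`), and the diffstat shows no added include lines in this file. Since `net_log_` is a by-value member, the NetLog header must already be included above the hunk and that forward declaration was redundant; for X509Certificate, confirm the certificate header is included directly rather than reached transitively, otherwise the `scoped_refptr` member's destructor instantiation can break in a translation unit that includes this header alone. Dropping `explicit` from the two-argument constructor is fine; it had no effect on a multi-parameter constructor. The class body continues outside the hunk.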
@@ -74,9 +71,6 @@ class NET_EXPORT_PRIVATE ProofVerifierChromium : public ProofVerifier {
// X509Certificate from a chain of DER encoded certificates.
scoped_refptr<X509Certificate> cert_;
- // |generation_counter| passed to VerifyProof call.
- uint64 generation_counter_;
-
State next_state_;
BoundNetLog net_log_;