
Unified Diff: net/socket/ssl_client_socket_unittest.cc

Issue 170016: Add a unit test for handling SSL certificate errors.... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 11 years, 4 months ago
Index: net/socket/ssl_client_socket_unittest.cc
===================================================================
--- net/socket/ssl_client_socket_unittest.cc (revision 23320)
+++ net/socket/ssl_client_socket_unittest.cc (working copy)
@@ -9,6 +9,7 @@
#include "net/base/io_buffer.h"
#include "net/base/net_errors.h"
#include "net/base/ssl_config_service.h"
+#include "net/base/ssl_info.h"
#include "net/base/test_completion_callback.h"
#include "net/socket/client_socket_factory.h"
#include "net/socket/ssl_test_util.h"
@@ -49,6 +50,22 @@
}
protected:
+ net::SSLClientSocket* CreateSSLClientSocket(
+ const net::AddressList& addr,
+ const net::SSLConfig& ssl_config) {
+ TestCompletionCallback callback;
+ net::ClientSocket *transport = new net::TCPClientSocket(addr);
eroman 2009/08/15 02:04:29 style-nit: move * to the left.
+ int rv = transport->Connect(&callback);
+ if (rv == net::ERR_IO_PENDING)
+ rv = callback.WaitForResult();
+ EXPECT_EQ(net::OK, rv);
+
+ net::SSLClientSocket* sock = socket_factory_->CreateSSLClientSocket(
+ transport, server_.kHostName, ssl_config);
+ EXPECT_FALSE(sock->IsConnected());
+ return sock;
+ }
+
scoped_refptr<net::HostResolver> resolver_;
net::ClientSocketFactory* socket_factory_;
net::TestServerLauncher server_;
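Review bot: `CreateSSLClientSocket` carries on after a failed TCP connect, because `EXPECT_EQ(net::OK, rv);` is non-fatal, so the SSL socket is then built over an unconnected transport and the caller sees a later, less direct failure. Consider `if (rv != net::OK) { delete transport; return NULL; }` with callers checking `ASSERT_TRUE(sock.get());`. The helper also returns a raw pointer with no ownership comment, although every caller in this patch wraps it in `scoped_ptr`. Something like `// Returns a new, not-yet-connected SSL socket over a connected TCP transport. The caller owns the result.` would help. Presumably the factory-created socket takes ownership of `transport`, which the comment should state once confirmed. The enclosing fixture class starts and ends outside the hunk.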
@@ -56,7 +73,7 @@
//-----------------------------------------------------------------------------
-#if defined(OS_MACOSX)
+#if defined(OS_MAC)
// Status 6/19/09:
//
// If these tests are enabled on OSX, we choke at the point
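Review bot: The guard changes from `OS_MACOSX` to `OS_MAC`, which is unrelated to the stated purpose of the change and may silently alter which tests run on which platform. If the build configuration at this revision does not define `OS_MAC`, the condition is always false, and the tests that the comment below says choke on OSX would no longer take the Mac branch. The rest of the `#if` block is outside the hunk, so the exact effect cannot be seen from here. Either confirm the macro is defined or keep `#if defined(OS_MACOSX)`.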
@@ -94,18 +111,9 @@
int rv = resolver_->Resolve(NULL, info, &addr, NULL, NULL);
EXPECT_EQ(net::OK, rv);
- net::ClientSocket *transport = new net::TCPClientSocket(addr);
- rv = transport->Connect(&callback);
- if (rv == net::ERR_IO_PENDING)
- rv = callback.WaitForResult();
- EXPECT_EQ(net::OK, rv);
-
scoped_ptr<net::SSLClientSocket> sock(
- socket_factory_->CreateSSLClientSocket(transport,
- server_.kHostName, kDefaultSSLConfig));
+ CreateSSLClientSocket(addr, kDefaultSSLConfig));
- EXPECT_FALSE(sock->IsConnected());
-
rv = sock->Connect(&callback);
if (rv != net::OK) {
ASSERT_EQ(net::ERR_IO_PENDING, rv);
@@ -131,17 +139,11 @@
int rv = resolver_->Resolve(NULL, info, &addr, NULL, NULL);
EXPECT_EQ(net::OK, rv);
- net::ClientSocket *transport = new net::TCPClientSocket(addr);
- rv = transport->Connect(&callback);
- if (rv == net::ERR_IO_PENDING)
- rv = callback.WaitForResult();
- EXPECT_EQ(net::OK, rv);
+ net::SSLConfig ssl_config = kDefaultSSLConfig;
- scoped_ptr<net::SSLClientSocket> sock(
- socket_factory_->CreateSSLClientSocket(transport,
- server_.kHostName, kDefaultSSLConfig));
+ scoped_ptr<net::SSLClientSocket> sock;
- EXPECT_FALSE(sock->IsConnected());
+ sock.reset(CreateSSLClientSocket(addr, ssl_config));
rv = sock->Connect(&callback);
if (rv != net::OK) {
@@ -149,12 +151,57 @@
EXPECT_FALSE(sock->IsConnected());
rv = callback.WaitForResult();
- EXPECT_EQ(net::ERR_CERT_DATE_INVALID, rv);
+ // TODO(wtc): This should be net::ERR_CERT_DATE_INVALID.
+ EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, rv);
}
// We cannot test sock->IsConnected(), as the NSS implementation disconnects
// the socket when it encounters an error, whereas other implementations
// leave it connected.
+
+ ////////////////////////
+ ////////////////////////
+
+ net::SSLInfo ssl_info;
+ sock->GetSSLInfo(&ssl_info);
+ EXPECT_TRUE(ssl_info.cert);
+ EXPECT_EQ(net::CERT_STATUS_AUTHORITY_INVALID,
eroman 2009/08/15 02:04:29 style-nit: why not just EXPECT_TRUE(ssl_info.cert_
+ ssl_info.cert_status & net::CERT_STATUS_AUTHORITY_INVALID);
+ net::SSLConfig::CertAndStatus bad_cert;
+ bad_cert.cert = ssl_info.cert;
+ bad_cert.cert_status = ssl_info.cert_status;
+ ssl_config.allowed_bad_certs.push_back(bad_cert);
+
+ ///////////////////////
+ ///////////////////////
eroman 2009/08/15 02:04:29 style-nit: i haven't really seen the //// style in
+
+ sock->Disconnect();
+ EXPECT_FALSE(sock->IsConnected());
+
+ ///////////////////////
+ ///////////////////////
+
+ sock.reset(CreateSSLClientSocket(addr, ssl_config));
+
+ rv = sock->Connect(&callback);
+ if (rv != net::OK) {
+ ASSERT_EQ(net::ERR_IO_PENDING, rv);
+ EXPECT_FALSE(sock->IsConnected());
+
+ rv = callback.WaitForResult();
+ EXPECT_EQ(net::OK, rv);
+ }
+
+ EXPECT_TRUE(sock->IsConnected());
+
+ ssl_info.Reset();
+ sock->GetSSLInfo(&ssl_info);
+ EXPECT_TRUE(ssl_info.cert);
+ EXPECT_EQ(net::CERT_STATUS_AUTHORITY_INVALID,
+ ssl_info.cert_status & net::CERT_STATUS_AUTHORITY_INVALID);
+
+ sock->Disconnect();
+ EXPECT_FALSE(sock->IsConnected());
}
TEST_F(SSLClientSocketTest, MAYBE_ConnectMismatched) {
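Review bot: The first `EXPECT_TRUE(ssl_info.cert);` after the failed handshake is non-fatal, so if `GetSSLInfo` yields no certificate the test still pushes an empty `bad_cert` into `ssl_config.allowed_bad_certs` and fails later at the second connect with a misleading `EXPECT_EQ(net::OK, rv)`. Make it `ASSERT_TRUE(ssl_info.cert);`. The comment just above says the NSS implementation disconnects the socket on error, so it is worth confirming per implementation that certificate info is still available at that point. Separately, while the TODO'd expectation stands, the exception path is exercised only for `CERT_STATUS_AUTHORITY_INVALID`, so this test would not notice a regression in date validation; the TODO should point at a tracking bug. The test body starts outside the hunk.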
@@ -168,18 +215,9 @@
int rv = resolver_->Resolve(NULL, info, &addr, NULL, NULL);
EXPECT_EQ(net::OK, rv);
- net::ClientSocket *transport = new net::TCPClientSocket(addr);
- rv = transport->Connect(&callback);
- if (rv == net::ERR_IO_PENDING)
- rv = callback.WaitForResult();
- EXPECT_EQ(net::OK, rv);
-
scoped_ptr<net::SSLClientSocket> sock(
- socket_factory_->CreateSSLClientSocket(transport,
- server_.kMismatchedHostName, kDefaultSSLConfig));
+ CreateSSLClientSocket(addr, kDefaultSSLConfig));
eroman 2009/08/15 02:04:29 Is this intentional? This used to use server_.kMis
- EXPECT_FALSE(sock->IsConnected());
-
rv = sock->Connect(&callback);
if (rv != net::ERR_CERT_COMMON_NAME_INVALID) {
ASSERT_EQ(net::ERR_IO_PENDING, rv);
@@ -212,16 +250,8 @@
rv = callback.WaitForResult();
EXPECT_EQ(net::OK, rv);
- net::ClientSocket *transport = new net::TCPClientSocket(addr);
- rv = transport->Connect(&callback);
- if (rv == net::ERR_IO_PENDING)
- rv = callback.WaitForResult();
- EXPECT_EQ(net::OK, rv);
-
scoped_ptr<net::SSLClientSocket> sock(
- socket_factory_->CreateSSLClientSocket(transport,
- server_.kHostName,
- kDefaultSSLConfig));
+ CreateSSLClientSocket(addr, kDefaultSSLConfig));
rv = sock->Connect(&callback);
if (rv != net::OK) {
@@ -269,15 +299,8 @@
int rv = resolver_->Resolve(NULL, info, &addr, NULL, NULL);
EXPECT_EQ(net::OK, rv);
- net::ClientSocket *transport = new net::TCPClientSocket(addr);
- rv = transport->Connect(&callback);
- if (rv == net::ERR_IO_PENDING)
- rv = callback.WaitForResult();
- EXPECT_EQ(net::OK, rv);
-
scoped_ptr<net::SSLClientSocket> sock(
- socket_factory_->CreateSSLClientSocket(transport,
- server_.kHostName, kDefaultSSLConfig));
+ CreateSSLClientSocket(addr, kDefaultSSLConfig));
rv = sock->Connect(&callback);
if (rv != net::OK) {
@@ -324,15 +347,8 @@
int rv = resolver_->Resolve(NULL, info, &addr, NULL, NULL);
EXPECT_EQ(net::OK, rv);
- net::ClientSocket *transport = new net::TCPClientSocket(addr);
- rv = transport->Connect(&callback);
- if (rv == net::ERR_IO_PENDING)
- rv = callback.WaitForResult();
- EXPECT_EQ(net::OK, rv);
-
scoped_ptr<net::SSLClientSocket> sock(
- socket_factory_->CreateSSLClientSocket(transport,
- server_.kHostName, kDefaultSSLConfig));
+ CreateSSLClientSocket(addr, kDefaultSSLConfig));
rv = sock->Connect(&callback);
if (rv != net::OK) {