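--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket.h"
 
 #include "net/base/address_list.h"
 #include "net/base/host_resolver.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_log.h"
@@ -65,27 +65,31 @@
   rv = callback.WaitForResult();
   EXPECT_EQ(net::OK, rv);
 
   scoped_ptr<net::SSLClientSocket> sock(
       socket_factory_->CreateSSLClientSocket(
           transport, test_server.host_port_pair(), kDefaultSSLConfig, NULL));
 
   EXPECT_FALSE(sock->IsConnected());
 
   rv = sock->Connect(&callback);
+
+  net::CapturingNetLog::EntryList entries;
+  log.GetEntries(&entries);
   EXPECT_TRUE(net::LogContainsBeginEvent(
-      log.entries(), 5, net::NetLog::TYPE_SSL_CONNECT));
+      entries, 5, net::NetLog::TYPE_SSL_CONNECT));
   if (rv == net::ERR_IO_PENDING)
     rv = callback.WaitForResult();
   EXPECT_EQ(net::OK, rv);
   EXPECT_TRUE(sock->IsConnected());
-  EXPECT_TRUE(LogContainsSSLConnectEndEvent(log.entries(), -1));
+  log.GetEntries(&entries);
+  EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1));
 
   sock->Disconnect();
   EXPECT_FALSE(sock->IsConnected());
 }
 
 TEST_F(SSLClientSocketTest, ConnectExpired) {
   net::TestServer::HTTPSOptions https_options(
       net::TestServer::HTTPSOptions::CERT_EXPIRED);
   net::TestServer test_server(https_options, FilePath());
   ASSERT_TRUE(test_server.Start());
@@ -102,72 +106,79 @@
   rv = callback.WaitForResult();
   EXPECT_EQ(net::OK, rv);
 
   scoped_ptr<net::SSLClientSocket> sock(
       socket_factory_->CreateSSLClientSocket(
           transport, test_server.host_port_pair(), kDefaultSSLConfig, NULL));
 
   EXPECT_FALSE(sock->IsConnected());
 
   rv = sock->Connect(&callback);
+
+  net::CapturingNetLog::EntryList entries;
+  log.GetEntries(&entries);
   EXPECT_TRUE(net::LogContainsBeginEvent(
-      log.entries(), 5, net::NetLog::TYPE_SSL_CONNECT));
+      entries, 5, net::NetLog::TYPE_SSL_CONNECT));
   if (rv == net::ERR_IO_PENDING)
     rv = callback.WaitForResult();
 
   EXPECT_EQ(net::ERR_CERT_DATE_INVALID, rv);
 
   // Rather than testing whether or not the underlying socket is connected,
   // test that the handshake has finished. This is because it may be
   // desirable to disconnect the socket before showing a user prompt, since
   // the user may take indefinitely long to respond.
-  EXPECT_TRUE(LogContainsSSLConnectEndEvent(log.entries(), -1));
+  log.GetEntries(&entries);
+  EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1));
 }
 
 TEST_F(SSLClientSocketTest, ConnectMismatched) {
   net::TestServer::HTTPSOptions https_options(
       net::TestServer::HTTPSOptions::CERT_MISMATCHED_NAME);
   net::TestServer test_server(https_options, FilePath());
   ASSERT_TRUE(test_server.Start());
 
   net::AddressList addr;
   ASSERT_TRUE(test_server.GetAddressList(&addr));
 
   TestCompletionCallback callback;
   net::CapturingNetLog log(net::CapturingNetLog::kUnbounded);
   net::ClientSocket* transport = new net::TCPClientSocket(
       addr, &log, net::NetLog::Source());
   int rv = transport->Connect(&callback);
   if (rv == net::ERR_IO_PENDING)
     rv = callback.WaitForResult();
   EXPECT_EQ(net::OK, rv);
 
   scoped_ptr<net::SSLClientSocket> sock(
       socket_factory_->CreateSSLClientSocket(
           transport, test_server.host_port_pair(), kDefaultSSLConfig, NULL));
 
   EXPECT_FALSE(sock->IsConnected());
 
   rv = sock->Connect(&callback);
 
+  net::CapturingNetLog::EntryList entries;
+  log.GetEntries(&entries);
   EXPECT_TRUE(net::LogContainsBeginEvent(
-      log.entries(), 5, net::NetLog::TYPE_SSL_CONNECT));
+      entries, 5, net::NetLog::TYPE_SSL_CONNECT));
   if (rv == net::ERR_IO_PENDING)
     rv = callback.WaitForResult();
 
   EXPECT_EQ(net::ERR_CERT_COMMON_NAME_INVALID, rv);
 
   // Rather than testing whether or not the underlying socket is connected,
   // test that the handshake has finished. This is because it may be
   // desirable to disconnect the socket before showing a user prompt, since
   // the user may take indefinitely long to respond.
-  EXPECT_TRUE(LogContainsSSLConnectEndEvent(log.entries(), -1));
+  log.GetEntries(&entries);
+  EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1));
 }
 
 // Attempt to connect to a page which requests a client certificate. It should
 // return an error code on connect.
 // Flaky: http://crbug.com/54445
 TEST_F(SSLClientSocketTest, FLAKY_ConnectClientAuthCertRequested) {
   net::TestServer::HTTPSOptions https_options;
   https_options.request_client_certificate = true;
   net::TestServer test_server(https_options, FilePath());
   ASSERT_TRUE(test_server.Start());
@@ -184,25 +195,30 @@
   rv = callback.WaitForResult();
   EXPECT_EQ(net::OK, rv);
 
   scoped_ptr<net::SSLClientSocket> sock(
       socket_factory_->CreateSSLClientSocket(
           transport, test_server.host_port_pair(), kDefaultSSLConfig, NULL));
 
   EXPECT_FALSE(sock->IsConnected());
 
   rv = sock->Connect(&callback);
+
+  net::CapturingNetLog::EntryList entries;
+  log.GetEntries(&entries);
   EXPECT_TRUE(net::LogContainsBeginEvent(
-      log.entries(), 5, net::NetLog::TYPE_SSL_CONNECT));
+      entries, 5, net::NetLog::TYPE_SSL_CONNECT));
   if (rv == net::ERR_IO_PENDING)
     rv = callback.WaitForResult();
 
+  log.GetEntries(&entries);
+  EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1));
   EXPECT_EQ(net::ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv);
   EXPECT_FALSE(sock->IsConnected());
 }
 
 // Connect to a server requesting optional client authentication. Send it a
 // null certificate. It should allow the connection.
 //
 // TODO(davidben): Also test providing an actual certificate.
 TEST_F(SSLClientSocketTest, ConnectClientAuthSendNullCert) {
   net::TestServer::HTTPSOptions https_options;
@@ -228,28 +244,32 @@
 
   scoped_ptr<net::SSLClientSocket> sock(
       socket_factory_->CreateSSLClientSocket(
           transport, test_server.host_port_pair(), ssl_config, NULL));
 
   EXPECT_FALSE(sock->IsConnected());
 
   // Our test server accepts certificate-less connections.
   // TODO(davidben): Add a test which requires them and verify the error.
   rv = sock->Connect(&callback);
+
+  net::CapturingNetLog::EntryList entries;
+  log.GetEntries(&entries);
   EXPECT_TRUE(net::LogContainsBeginEvent(
-      log.entries(), 5, net::NetLog::TYPE_SSL_CONNECT));
+      entries, 5, net::NetLog::TYPE_SSL_CONNECT));
   if (rv == net::ERR_IO_PENDING)
     rv = callback.WaitForResult();
 
   EXPECT_EQ(net::OK, rv);
   EXPECT_TRUE(sock->IsConnected());
-  EXPECT_TRUE(LogContainsSSLConnectEndEvent(log.entries(), -1));
+  log.GetEntries(&entries);
+  EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1));
 
   sock->Disconnect();
   EXPECT_FALSE(sock->IsConnected());
 }
 
 // TODO(wtc): Add unit tests for IsConnectedAndIdle:
 // - Server closes an SSL connection (with a close_notify alert message).
 // - Server closes the underlying TCP connection directly.
 // - Server sends data unexpectedly.
 
@@ -546,35 +566,38 @@
   for (size_t i = 0; i < arraysize(kCiphersToDisable); ++i)
     ssl_config.disabled_cipher_suites.push_back(kCiphersToDisable[i]);
 
   scoped_ptr<net::SSLClientSocket> sock(
       socket_factory_->CreateSSLClientSocket(
           transport, test_server.host_port_pair(), ssl_config, NULL));
 
   EXPECT_FALSE(sock->IsConnected());
 
   rv = sock->Connect(&callback);
+  net::CapturingNetLog::EntryList entries;
+  log.GetEntries(&entries);
   EXPECT_TRUE(net::LogContainsBeginEvent(
-      log.entries(), 5, net::NetLog::TYPE_SSL_CONNECT));
+      entries, 5, net::NetLog::TYPE_SSL_CONNECT));
 
   // NSS has special handling that maps a handshake_failure alert received
   // immediately after a client_hello to be a mismatched cipher suite error,
   // leading to ERR_SSL_VERSION_OR_CIPHER_MISMATCH. When using OpenSSL or
   // Secure Transport (OS X), the handshake_failure is bubbled up without any
   // interpretation, leading to ERR_SSL_PROTOCOL_ERROR. Either way, a failure
   // indicates that no cipher suite was negotiated with the test server.
   if (rv == net::ERR_IO_PENDING)
     rv = callback.WaitForResult();
   EXPECT_TRUE(rv == net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH ||
               rv == net::ERR_SSL_PROTOCOL_ERROR);
   // The exact ordering differs between SSLClientSocketNSS (which issues an
   // extra read) and SSLClientSocketMac (which does not). Just make sure the
   // error appears somewhere in the log.
-  net::ExpectLogContainsSomewhere(log.entries(), 0,
+  log.GetEntries(&entries);
+  net::ExpectLogContainsSomewhere(entries, 0,
                                   net::NetLog::TYPE_SSL_HANDSHAKE_ERROR,
                                   net::NetLog::PHASE_NONE);
 
   // We cannot test sock->IsConnected(), as the NSS implementation disconnects
   // the socket when it encounters an error, whereas other implementations
   // leave it connected.
-  EXPECT_TRUE(LogContainsSSLConnectEndEvent(log.entries(), -1));
+  EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1));
 }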
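Review bot: The final `EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1));` in the last test of this section (new line 602; the test's TEST_F header is outside the hunk) reuses the snapshot taken at new line 594 instead of re-calling `log.GetEntries(&entries);` as the five earlier tests do, so it quietly depends on nothing being logged between those two lines — correct today, but any socket activity later inserted between them would make the check stale with no failure pointing at the cause. Since `GetEntries` appears to hand back a point-in-time copy rather than the live list the old `entries()` accessor exposed (inferred from the migration; the CapturingNetLog definition is not shown), every assertion after `WaitForResult()` needs its own snapshot, and that contract is nowhere stated in the file; a one-line comment at the first refetch, `// Re-snapshot: entries copied before WaitForResult() do not include events logged during the handshake.`, would make it explicit. On style, this hunk also drops the blank line between `rv = sock->Connect(&callback);` and `net::CapturingNetLog::EntryList entries;` that the other five hunks keep, and the same three-line declare-and-snapshot prologue is now repeated in six tests, which a small fixture helper would remove.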