Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(582)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/ssl_client_socket_pool_unittest.cc

Issue 8401024: Disable SPDY IP pooling for SSL connections with client authentication. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Remove an incorrect test case Created 9 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/socket/ssl_client_socket_openssl.cc ('k') | net/socket/ssl_client_socket_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_pool_unittest.cc
===================================================================
--- net/socket/ssl_client_socket_pool_unittest.cc (revision 107497)
+++ net/socket/ssl_client_socket_pool_unittest.cc (working copy)
@@ -690,7 +690,7 @@
StaticSocketDataProvider data(reads, arraysize(reads), NULL, 0);
socket_factory_.AddSocketDataProvider(&data);
SSLSocketDataProvider ssl(true, OK);
- ssl.cert_ = X509Certificate::CreateFromBytes(
+ ssl.cert = X509Certificate::CreateFromBytes(
reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der));
ssl.next_proto_status = SSLClientSocket::kNextProtoNegotiated;
ssl.next_proto = "spdy/2";
@@ -719,7 +719,7 @@
EXPECT_EQ(SSLClientSocket::NextProtoFromString(proto),
SSLClientSocket::kProtoSPDY2);
- // TODO(rtenneti): MockClientSocket::GetPeerAddress return's 0 as the port
+ // TODO(rtenneti): MockClientSocket::GetPeerAddress returns 0 as the port
// number. Fix it to return port 80 and then use GetPeerAddress to AddAlias.
const addrinfo* address = test_hosts[0].addresses.head();
SpdySessionPoolPeer pool_peer(session_->spdy_session_pool());
@@ -738,6 +738,91 @@
session_->spdy_session_pool()->CloseAllSessions();
}
+// Verifies that an SSL connection with client authentication disables SPDY IP
+// pooling.
+TEST_F(SSLClientSocketPoolTest, IPPoolingClientCert) {
+ const int kTestPort = 80;
+ struct TestHosts {
+ std::string name;
+ std::string iplist;
+ HostPortProxyPair pair;
+ AddressList addresses;
+ } test_hosts[] = {
+ { "www.webkit.org", "192.0.2.33,192.168.0.1,192.168.0.5" },
+ { "js.webkit.org", "192.168.0.4,192.168.0.1,192.0.2.33" },
+ };
+
+ TestOldCompletionCallback callback;
+ int rv;
+ for (size_t i = 0; i < ARRAYSIZE_UNSAFE(test_hosts); i++) {
+ host_resolver_.rules()->AddIPLiteralRule(test_hosts[i].name,
+ test_hosts[i].iplist, "");
+
+ // This test requires that the HostResolver cache be populated. Normal
+ // code would have done this already, but we do it manually.
+ HostResolver::RequestInfo info(HostPortPair(test_hosts[i].name, kTestPort));
+ rv = host_resolver_.Resolve(info, &test_hosts[i].addresses, &callback,
+ NULL, BoundNetLog());
+ EXPECT_EQ(OK, callback.GetResult(rv));
+
+ // Setup a HostPortProxyPair
+ test_hosts[i].pair = HostPortProxyPair(
+ HostPortPair(test_hosts[i].name, kTestPort), ProxyServer::Direct());
+ }
+
+ MockRead reads[] = {
+ MockRead(true, ERR_IO_PENDING),
+ };
+ StaticSocketDataProvider data(reads, arraysize(reads), NULL, 0);
+ socket_factory_.AddSocketDataProvider(&data);
+ SSLSocketDataProvider ssl(true, OK);
+ ssl.cert = X509Certificate::CreateFromBytes(
+ reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der));
+ ssl.next_proto_status = SSLClientSocket::kNextProtoNegotiated;
+ ssl.next_proto = "spdy/2";
+ ssl.client_cert_sent = true;
+ socket_factory_.AddSSLSocketDataProvider(&ssl);
+
+ CreatePool(true /* tcp pool */, false, false);
+ scoped_refptr<SSLSocketParams> params = SSLParams(ProxyServer::SCHEME_DIRECT,
+ true);
+
+ scoped_ptr<ClientSocketHandle> handle(new ClientSocketHandle());
+ rv = handle->Init(
+ "a", params, MEDIUM, &callback, pool_.get(), BoundNetLog());
+ EXPECT_EQ(ERR_IO_PENDING, rv);
+ EXPECT_FALSE(handle->is_initialized());
+ EXPECT_FALSE(handle->socket());
+
+ EXPECT_EQ(OK, callback.WaitForResult());
+ EXPECT_TRUE(handle->is_initialized());
+ EXPECT_TRUE(handle->socket());
+
+ SSLClientSocket* ssl_socket = static_cast<SSLClientSocket*>(handle->socket());
+ EXPECT_TRUE(ssl_socket->was_npn_negotiated());
+ std::string proto;
+ ssl_socket->GetNextProto(&proto);
+ EXPECT_EQ(SSLClientSocket::NextProtoFromString(proto),
+ SSLClientSocket::kProtoSPDY2);
+
+ // TODO(rtenneti): MockClientSocket::GetPeerAddress returns 0 as the port
+ // number. Fix it to return port 80 and then use GetPeerAddress to AddAlias.
+ const addrinfo* address = test_hosts[0].addresses.head();
+ SpdySessionPoolPeer pool_peer(session_->spdy_session_pool());
+ pool_peer.AddAlias(address, test_hosts[0].pair);
+
+ scoped_refptr<SpdySession> spdy_session;
+ rv = session_->spdy_session_pool()->GetSpdySessionFromSocket(
+ test_hosts[0].pair, handle.release(), BoundNetLog(), 0,
+ &spdy_session, true);
+ EXPECT_EQ(0, rv);
+
+ EXPECT_TRUE(session_->spdy_session_pool()->HasSession(test_hosts[0].pair));
+ EXPECT_FALSE(session_->spdy_session_pool()->HasSession(test_hosts[1].pair));
+
+ session_->spdy_session_pool()->CloseAllSessions();
+}
+
// It would be nice to also test the timeouts in SSLClientSocketPool.
} // namespace
« no previous file with comments | « net/socket/ssl_client_socket_openssl.cc ('k') | net/socket/ssl_client_socket_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698