OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "build/build_config.h" | 5 #include "build/build_config.h" |
6 | 6 |
7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
8 #include <windows.h> | 8 #include <windows.h> |
9 #include <shlobj.h> | 9 #include <shlobj.h> |
10 #endif | 10 #endif |
(...skipping 6032 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
6043 | 6043 |
6044 base::RunLoop().Run(); | 6044 base::RunLoop().Run(); |
6045 | 6045 |
6046 EXPECT_EQ(1, d.response_started_count()); | 6046 EXPECT_EQ(1, d.response_started_count()); |
6047 EXPECT_NE(0, d.bytes_received()); | 6047 EXPECT_NE(0, d.bytes_received()); |
6048 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1), | 6048 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1), |
6049 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); | 6049 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); |
6050 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); | 6050 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); |
6051 } | 6051 } |
6052 | 6052 |
6053 // Tests that we don't fallback with servers that implement TLS_FALLBACK_SCSV. | |
6054 #if defined(USE_OPENSSL) | |
6055 TEST_F(HTTPSRequestTest, DISABLED_FallbackSCSV) { | |
6056 #else | |
6057 TEST_F(HTTPSRequestTest, FallbackSCSV) { | |
6058 #endif | |
6059 SpawnedTestServer::SSLOptions ssl_options( | |
6060 SpawnedTestServer::SSLOptions::CERT_OK); | |
6061 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger | |
6062 // a version fallback. | |
6063 ssl_options.tls_intolerant = | |
6064 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_0; | |
wtc
2013/12/10 18:30:22
Just curious: why did you lower the intolerant ver
agl
2013/12/11 16:35:14
ChromeOS failed the test in a way that suggested t
| |
6065 // Have the server process TLS_FALLBACK_SCSV so that version fallback | |
6066 // connections are rejected. | |
6067 ssl_options.fallback_scsv_enabled = true; | |
6068 | |
6069 SpawnedTestServer test_server( | |
6070 SpawnedTestServer::TYPE_HTTPS, | |
6071 ssl_options, | |
6072 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | |
6073 ASSERT_TRUE(test_server.Start()); | |
6074 | |
6075 TestDelegate d; | |
6076 TestURLRequestContext context(true); | |
6077 context.Init(); | |
6078 d.set_allow_certificate_errors(true); | |
6079 URLRequest r( | |
6080 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); | |
6081 r.Start(); | |
6082 | |
6083 base::RunLoop().Run(); | |
6084 | |
6085 EXPECT_EQ(1, d.response_started_count()); | |
6086 // ERR_SSL_VERSION_OR_CIPHER_MISMATCH is how the server simulates version | |
6087 // intolerance. If the fallback SCSV is processed when the original error | |
6088 // that caused the fallback should be returned, which should be | |
6089 // ERR_SSL_VERSION_OR_CIPHER_MISMATCH. | |
6090 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, r.status().error()); | |
6091 } | |
6092 | |
6053 // This tests that a load of www.google.com with a certificate error sets | 6093 // This tests that a load of www.google.com with a certificate error sets |
6054 // the |certificate_errors_are_fatal| flag correctly. This flag will cause | 6094 // the |certificate_errors_are_fatal| flag correctly. This flag will cause |
6055 // the interstitial to be fatal. | 6095 // the interstitial to be fatal. |
6056 TEST_F(HTTPSRequestTest, HTTPSPreloadedHSTSTest) { | 6096 TEST_F(HTTPSRequestTest, HTTPSPreloadedHSTSTest) { |
6057 SpawnedTestServer::SSLOptions ssl_options( | 6097 SpawnedTestServer::SSLOptions ssl_options( |
6058 SpawnedTestServer::SSLOptions::CERT_MISMATCHED_NAME); | 6098 SpawnedTestServer::SSLOptions::CERT_MISMATCHED_NAME); |
6059 SpawnedTestServer test_server( | 6099 SpawnedTestServer test_server( |
6060 SpawnedTestServer::TYPE_HTTPS, | 6100 SpawnedTestServer::TYPE_HTTPS, |
6061 ssl_options, | 6101 ssl_options, |
6062 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | 6102 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
(...skipping 1278 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
7341 | 7381 |
7342 EXPECT_FALSE(r.is_pending()); | 7382 EXPECT_FALSE(r.is_pending()); |
7343 EXPECT_EQ(1, d->response_started_count()); | 7383 EXPECT_EQ(1, d->response_started_count()); |
7344 EXPECT_FALSE(d->received_data_before_response()); | 7384 EXPECT_FALSE(d->received_data_before_response()); |
7345 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size)); | 7385 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size)); |
7346 } | 7386 } |
7347 } | 7387 } |
7348 #endif // !defined(DISABLE_FTP_SUPPORT) | 7388 #endif // !defined(DISABLE_FTP_SUPPORT) |
7349 | 7389 |
7350 } // namespace net | 7390 } // namespace net |
OLD | NEW |