net: add test for TLS_FALLBACK_SCSV

net/test/spawned_test_server/base_test_server.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
 #define NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
 
 #include <string>
 #include <utility>
 #include <vector>
@@ skipping 130 matching lines @@
 
     // If true, pass the --https-record-resume argument to testserver.py which
     // causes it to log session cache actions and echo the log on
     // /ssl-session-cache.
     bool record_resume;
 
     // If not TLS_INTOLERANT_NONE, the server will abort any handshake that
     // negotiates an intolerant TLS version in order to test version fallback.
     TLSIntolerantLevel tls_intolerant;
 
+    // fallback_scsv_enabled, if true, causes the server to process the
+    // TLS_FALLBACK_SCSV cipher suite. This cipher suite is sent by Chrome
+    // when performing TLS version fallback in response to an SSL handshake
+    // failure. If this option is enabled then the server will reject fallback
+    // connections.
+    bool fallback_scsv_enabled;
+
     // (Fake) SignedCertificateTimestampList (as a raw binary string) to send in
     // a TLS extension.
     // Temporary glue for testing: validation of SCTs is application-controlled
     // and can be appropriately mocked out, so sending fake data here does not
     // affect handshaking behaviour.
     // TODO(ekasper): replace with valid SCT files for test certs.
     std::string signed_cert_timestamps;
   };
 
   // Pass as the 'host' parameter during construction to server on 127.0.0.1
@@ skipping 100 matching lines @@
   bool log_to_console_;
 
   scoped_ptr<ScopedPortException> allowed_port_;
 
   DISALLOW_COPY_AND_ASSIGN(BaseTestServer);
 };
 
 }  // namespace net
 
 #endif  // NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_