OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "build/build_config.h" | 5 #include "build/build_config.h" |
6 | 6 |
7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
8 #include <windows.h> | 8 #include <windows.h> |
9 #include <shlobj.h> | 9 #include <shlobj.h> |
10 #endif | 10 #endif |
(...skipping 6032 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6043 | 6043 |
6044 base::RunLoop().Run(); | 6044 base::RunLoop().Run(); |
6045 | 6045 |
6046 EXPECT_EQ(1, d.response_started_count()); | 6046 EXPECT_EQ(1, d.response_started_count()); |
6047 EXPECT_NE(0, d.bytes_received()); | 6047 EXPECT_NE(0, d.bytes_received()); |
6048 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1), | 6048 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1), |
6049 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); | 6049 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); |
6050 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); | 6050 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); |
6051 } | 6051 } |
6052 | 6052 |
| 6053 // Tests that we don't fallback with servers that implement TLS_FALLBACK_SCSV. |
| 6054 #if defined(USE_OPENSSL) |
| 6055 TEST_F(HTTPSRequestTest, DISABLED_FallbackSCSV) { |
| 6056 #else |
| 6057 TEST_F(HTTPSRequestTest, FallbackSCSV) { |
| 6058 #endif |
| 6059 SpawnedTestServer::SSLOptions ssl_options( |
| 6060 SpawnedTestServer::SSLOptions::CERT_OK); |
| 6061 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger |
| 6062 // a version fallback. |
| 6063 ssl_options.tls_intolerant = |
| 6064 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; |
| 6065 // Have the server process TLS_FALLBACK_SCSV so that version fallback |
| 6066 // connections are rejected. |
| 6067 ssl_options.fallback_scsv_enabled = true; |
| 6068 |
| 6069 SpawnedTestServer test_server( |
| 6070 SpawnedTestServer::TYPE_HTTPS, |
| 6071 ssl_options, |
| 6072 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
| 6073 ASSERT_TRUE(test_server.Start()); |
| 6074 |
| 6075 TestDelegate d; |
| 6076 TestURLRequestContext context(true); |
| 6077 context.Init(); |
| 6078 d.set_allow_certificate_errors(true); |
| 6079 URLRequest r( |
| 6080 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); |
| 6081 r.Start(); |
| 6082 |
| 6083 base::RunLoop().Run(); |
| 6084 |
| 6085 EXPECT_EQ(1, d.response_started_count()); |
| 6086 // ERR_SSL_VERSION_OR_CIPHER_MISMATCH is how the server simulates version |
| 6087 // intolerance. If the fallback SCSV is processed when the original error |
| 6088 // that caused the fallback should be returned, which should be |
| 6089 // ERR_SSL_VERSION_OR_CIPHER_MISMATCH. |
| 6090 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, r.status().error()); |
| 6091 } |
| 6092 |
6053 // This tests that a load of www.google.com with a certificate error sets | 6093 // This tests that a load of www.google.com with a certificate error sets |
6054 // the |certificate_errors_are_fatal| flag correctly. This flag will cause | 6094 // the |certificate_errors_are_fatal| flag correctly. This flag will cause |
6055 // the interstitial to be fatal. | 6095 // the interstitial to be fatal. |
6056 TEST_F(HTTPSRequestTest, HTTPSPreloadedHSTSTest) { | 6096 TEST_F(HTTPSRequestTest, HTTPSPreloadedHSTSTest) { |
6057 SpawnedTestServer::SSLOptions ssl_options( | 6097 SpawnedTestServer::SSLOptions ssl_options( |
6058 SpawnedTestServer::SSLOptions::CERT_MISMATCHED_NAME); | 6098 SpawnedTestServer::SSLOptions::CERT_MISMATCHED_NAME); |
6059 SpawnedTestServer test_server( | 6099 SpawnedTestServer test_server( |
6060 SpawnedTestServer::TYPE_HTTPS, | 6100 SpawnedTestServer::TYPE_HTTPS, |
6061 ssl_options, | 6101 ssl_options, |
6062 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | 6102 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
(...skipping 1278 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
7341 | 7381 |
7342 EXPECT_FALSE(r.is_pending()); | 7382 EXPECT_FALSE(r.is_pending()); |
7343 EXPECT_EQ(1, d->response_started_count()); | 7383 EXPECT_EQ(1, d->response_started_count()); |
7344 EXPECT_FALSE(d->received_data_before_response()); | 7384 EXPECT_FALSE(d->received_data_before_response()); |
7345 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size)); | 7385 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size)); |
7346 } | 7386 } |
7347 } | 7387 } |
7348 #endif // !defined(DISABLE_FTP_SUPPORT) | 7388 #endif // !defined(DISABLE_FTP_SUPPORT) |
7349 | 7389 |
7350 } // namespace net | 7390 } // namespace net |
OLD | NEW |