Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(870)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/url_request/url_request_unittest.cc

Issue 109563002: net: add test for TLS_FALLBACK_SCSV (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Typo fix. Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/tools/testserver/testserver.py ('k') | third_party/tlslite/README.chromium » ('j') | third_party/tlslite/tlslite/TLSConnection.py » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "build/build_config.h" 5 #include "build/build_config.h"
6 6
7 #if defined(OS_WIN) 7 #if defined(OS_WIN)
8 #include <windows.h> 8 #include <windows.h>
9 #include <shlobj.h> 9 #include <shlobj.h>
10 #endif 10 #endif
(...skipping 6032 matching lines...) Expand 10 before | Expand all | Expand 10 after
6043 6043
6044 base::RunLoop().Run(); 6044 base::RunLoop().Run();
6045 6045
6046 EXPECT_EQ(1, d.response_started_count()); 6046 EXPECT_EQ(1, d.response_started_count());
6047 EXPECT_NE(0, d.bytes_received()); 6047 EXPECT_NE(0, d.bytes_received());
6048 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1), 6048 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1),
6049 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); 6049 SSLConnectionStatusToVersion(r.ssl_info().connection_status));
6050 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); 6050 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK);
6051 } 6051 }
6052 6052
6053 // Tests that we don't fallback with servers that implement TLS_FALLBACK_SCSV.
6054 #if defined(USE_OPENSSL)
6055 TEST_F(HTTPSRequestTest, DISABLED_FallbackSCSV) {
6056 #else
6057 TEST_F(HTTPSRequestTest, FallbackSCSV) {
6058 #endif
6059 SpawnedTestServer::SSLOptions ssl_options(
6060 SpawnedTestServer::SSLOptions::CERT_OK);
6061 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger
6062 // a version fallback.
6063 ssl_options.tls_intolerant =
6064 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL;
6065 // Have the server process TLS_FALLBACK_SCSV so that version fallback
6066 // connections are rejected.
6067 ssl_options.fallback_scsv_enabled = true;
6068
6069 SpawnedTestServer test_server(
6070 SpawnedTestServer::TYPE_HTTPS,
6071 ssl_options,
6072 base::FilePath(FILE_PATH_LITERAL("net/data/ssl")));
6073 ASSERT_TRUE(test_server.Start());
6074
6075 TestDelegate d;
6076 TestURLRequestContext context(true);
6077 context.Init();
6078 d.set_allow_certificate_errors(true);
6079 URLRequest r(
6080 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context);
6081 r.Start();
6082
6083 base::RunLoop().Run();
6084
6085 EXPECT_EQ(1, d.response_started_count());
6086 // ERR_SSL_VERSION_OR_CIPHER_MISMATCH is how the server simulates version
6087 // intolerance. If the fallback SCSV is processed when the original error
6088 // that caused the fallback should be returned, which should be
6089 // ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
6090 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, r.status().error());
6091 }
6092
6053 // This tests that a load of www.google.com with a certificate error sets 6093 // This tests that a load of www.google.com with a certificate error sets
6054 // the |certificate_errors_are_fatal| flag correctly. This flag will cause 6094 // the |certificate_errors_are_fatal| flag correctly. This flag will cause
6055 // the interstitial to be fatal. 6095 // the interstitial to be fatal.
6056 TEST_F(HTTPSRequestTest, HTTPSPreloadedHSTSTest) { 6096 TEST_F(HTTPSRequestTest, HTTPSPreloadedHSTSTest) {
6057 SpawnedTestServer::SSLOptions ssl_options( 6097 SpawnedTestServer::SSLOptions ssl_options(
6058 SpawnedTestServer::SSLOptions::CERT_MISMATCHED_NAME); 6098 SpawnedTestServer::SSLOptions::CERT_MISMATCHED_NAME);
6059 SpawnedTestServer test_server( 6099 SpawnedTestServer test_server(
6060 SpawnedTestServer::TYPE_HTTPS, 6100 SpawnedTestServer::TYPE_HTTPS,
6061 ssl_options, 6101 ssl_options,
6062 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); 6102 base::FilePath(FILE_PATH_LITERAL("net/data/ssl")));
(...skipping 1278 matching lines...) Expand 10 before | Expand all | Expand 10 after
7341 7381
7342 EXPECT_FALSE(r.is_pending()); 7382 EXPECT_FALSE(r.is_pending());
7343 EXPECT_EQ(1, d->response_started_count()); 7383 EXPECT_EQ(1, d->response_started_count());
7344 EXPECT_FALSE(d->received_data_before_response()); 7384 EXPECT_FALSE(d->received_data_before_response());
7345 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size)); 7385 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size));
7346 } 7386 }
7347 } 7387 }
7348 #endif // !defined(DISABLE_FTP_SUPPORT) 7388 #endif // !defined(DISABLE_FTP_SUPPORT)
7349 7389
7350 } // namespace net 7390 } // namespace net
OLDNEW
« no previous file with comments | « net/tools/testserver/testserver.py ('k') | third_party/tlslite/README.chromium » ('j') | third_party/tlslite/tlslite/TLSConnection.py » ('J')

Powered by Google App Engine
This is Rietveld 408576698