net/url_request/url_request_unittest.cc - Issue 109563002: net: add test for TLS_FALLBACK_SCSV

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/url_request/url_request_unittest.cc

Issue 109563002: net: add test for TLS_FALLBACK_SCSV (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Add comment. Created 7 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/url_request/url_request_unittest.cc

diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc

index 116808ca7246888bd7e6981b9ebd128eab6e71ea..79c350892bf4a0029c59ba1faa83e5522f6a7dbc 100644

--- a/net/url_request/url_request_unittest.cc

+++ b/net/url_request/url_request_unittest.cc

@@ -6050,6 +6050,46 @@ TEST_F(HTTPSRequestTest, TLSv1Fallback) {

EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK);

}

+// Tests that we don't fallback with servers that implement TLS_FALLBACK_SCSV.

+#if defined(USE_OPENSSL)

+TEST_F(HTTPSRequestTest, DISABLED_FallbackSCSV) {

+#else

+TEST_F(HTTPSRequestTest, FallbackSCSV) {

+#endif

+ SpawnedTestServer::SSLOptions ssl_options(

+ SpawnedTestServer::SSLOptions::CERT_OK);

+ // Configure HTTPS server to be intolerant of TLS >= 1.1 in order to trigger

+ // a version fallback.

+ ssl_options.tls_intolerant =

+ SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1;

+ // Have the server process TLS_FALLBACK_SCSV so that version fallback

+ // connections are rejected.

+ ssl_options.fallback_scsv_enabled = true;

+ SpawnedTestServer test_server(

+ SpawnedTestServer::TYPE_HTTPS,

+ ssl_options,

+ base::FilePath(FILE_PATH_LITERAL("net/data/ssl")));

+ ASSERT_TRUE(test_server.Start());

+ TestDelegate d;

+ TestURLRequestContext context(true);

+ context.Init();

+ d.set_allow_certificate_errors(true);

+ URLRequest r(

+ test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context);

+ r.Start();

+ base::RunLoop().Run();

+ EXPECT_EQ(1, d.response_started_count());

+ // ERR_SSL_VERSION_OR_CIPHER_MISMATCH is how the server simulates version

+ // intolerance. If the fallback SCSV is processed when the original error

+ // that caused the fallback should be returned, which should be

+ // ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

+ EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, r.status().error());

// This tests that a load of www.google.com with a certificate error sets

// the |certificate_errors_are_fatal| flag correctly. This flag will cause

// the interstitial to be fatal.

« net/tools/testserver/testserver.py ('K') | « net/tools/testserver/testserver.py ('k') | third_party/tlslite/README.chromium » ('j') | third_party/tlslite/tlslite/TLSConnection.py » ('J')