
Unified Diff: net/url_request/url_request_unittest.cc

Issue 109563002: net: add test for TLS_FALLBACK_SCSV (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Typo fix. Created 7 years ago
Index: net/url_request/url_request_unittest.cc
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index 116808ca7246888bd7e6981b9ebd128eab6e71ea..b90fecf431e22aa5aabf776afc6f658b154a400f 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -6050,6 +6050,46 @@ TEST_F(HTTPSRequestTest, TLSv1Fallback) {
EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK);
}
+// Tests that we don't fallback with servers that implement TLS_FALLBACK_SCSV.
+#if defined(USE_OPENSSL)
+TEST_F(HTTPSRequestTest, DISABLED_FallbackSCSV) {
+#else
+TEST_F(HTTPSRequestTest, FallbackSCSV) {
+#endif
+ SpawnedTestServer::SSLOptions ssl_options(
+ SpawnedTestServer::SSLOptions::CERT_OK);
+ // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger
+ // a version fallback.
+ ssl_options.tls_intolerant =
+ SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL;
+ // Have the server process TLS_FALLBACK_SCSV so that version fallback
+ // connections are rejected.
+ ssl_options.fallback_scsv_enabled = true;
+
+ SpawnedTestServer test_server(
+ SpawnedTestServer::TYPE_HTTPS,
+ ssl_options,
+ base::FilePath(FILE_PATH_LITERAL("net/data/ssl")));
+ ASSERT_TRUE(test_server.Start());
+
+ TestDelegate d;
+ TestURLRequestContext context(true);
+ context.Init();
+ d.set_allow_certificate_errors(true);
+ URLRequest r(
+ test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context);
+ r.Start();
+
+ base::RunLoop().Run();
+
+ EXPECT_EQ(1, d.response_started_count());
+ // ERR_SSL_VERSION_OR_CIPHER_MISMATCH is how the server simulates version
+ // intolerance. If the fallback SCSV is processed when the original error
+ // that caused the fallback should be returned, which should be
+ // ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
+ EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, r.status().error());
+}
+
// This tests that a load of www.google.com with a certificate error sets
// the |certificate_errors_are_fatal| flag correctly. This flag will cause
// the interstitial to be fatal.
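Review bot: The `#if defined(USE_OPENSSL)` branch registers the test as `DISABLED_FallbackSCSV` with no comment saying why, so on that build the downgrade protection this test covers goes unverified without any visible record. Presumably the OpenSSL-backed socket did not yet send the SCSV on a fallback handshake; if so, say it above the `#if` with something like `// TODO(<owner>): enable under USE_OPENSSL once the client sends TLS_FALLBACK_SCSV (<bug-id>).`, with the tracking bug filled in. In the comment before the final `EXPECT_EQ`, "when the original error" should read "then the original error". Separately, `d.set_allow_certificate_errors(true)` looks unneeded here, since the server uses `SSLOptions::CERT_OK` and the handshake is expected to fail before certificate verification; removing it keeps the test from tolerating more than it needs to.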
