| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This test suite uses SSLClientSocket to test the implementation of | 5 // This test suite uses SSLClientSocket to test the implementation of |
| 6 // SSLServerSocket. In order to establish connections between the sockets | 6 // SSLServerSocket. In order to establish connections between the sockets |
| 7 // we need two additional classes: | 7 // we need two additional classes: |
| 8 // 1. FakeSocket | 8 // 1. FakeSocket |
| 9 // Connects SSL socket to FakeDataChannel. This class is just a stub. | 9 // Connects SSL socket to FakeDataChannel. This class is just a stub. |
| 10 // | 10 // |
| (...skipping 308 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 319 std::string key_string; | 319 std::string key_string; |
| 320 ASSERT_TRUE(base::ReadFileToString(key_path, &key_string)); | 320 ASSERT_TRUE(base::ReadFileToString(key_path, &key_string)); |
| 321 std::vector<uint8> key_vector( | 321 std::vector<uint8> key_vector( |
| 322 reinterpret_cast<const uint8*>(key_string.data()), | 322 reinterpret_cast<const uint8*>(key_string.data()), |
| 323 reinterpret_cast<const uint8*>(key_string.data() + | 323 reinterpret_cast<const uint8*>(key_string.data() + |
| 324 key_string.length())); | 324 key_string.length())); |
| 325 | 325 |
| 326 scoped_ptr<crypto::RSAPrivateKey> private_key( | 326 scoped_ptr<crypto::RSAPrivateKey> private_key( |
| 327 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector)); | 327 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector)); |
| 328 | 328 |
| 329 client_ssl_config_.false_start_enabled = false; | 329 SSLConfig ssl_config; |
| 330 client_ssl_config_.channel_id_enabled = false; | 330 ssl_config.false_start_enabled = false; |
| 331 ssl_config.channel_id_enabled = false; |
| 331 | 332 |
| 332 // Certificate provided by the host doesn't need authority. | 333 // Certificate provided by the host doesn't need authority. |
| 333 SSLConfig::CertAndStatus cert_and_status; | 334 SSLConfig::CertAndStatus cert_and_status; |
| 334 cert_and_status.cert_status = CERT_STATUS_AUTHORITY_INVALID; | 335 cert_and_status.cert_status = CERT_STATUS_AUTHORITY_INVALID; |
| 335 cert_and_status.der_cert = cert_der; | 336 cert_and_status.der_cert = cert_der; |
| 336 client_ssl_config_.allowed_bad_certs.push_back(cert_and_status); | 337 ssl_config.allowed_bad_certs.push_back(cert_and_status); |
| 337 | 338 |
| 338 HostPortPair host_and_pair("unittest", 0); | 339 HostPortPair host_and_pair("unittest", 0); |
| 339 SSLClientSocketContext context; | 340 SSLClientSocketContext context; |
| 340 context.cert_verifier = cert_verifier_.get(); | 341 context.cert_verifier = cert_verifier_.get(); |
| 341 context.transport_security_state = transport_security_state_.get(); | 342 context.transport_security_state = transport_security_state_.get(); |
| 342 client_socket_ = socket_factory_->CreateSSLClientSocket( | 343 client_socket_ = |
| 343 client_connection.Pass(), host_and_pair, client_ssl_config_, context); | 344 socket_factory_->CreateSSLClientSocket( |
| 344 server_socket_ = | 345 client_connection.Pass(), host_and_pair, ssl_config, context); |
| 345 CreateSSLServerSocket(server_socket.Pass(), cert.get(), | 346 server_socket_ = CreateSSLServerSocket( |
| 346 private_key.get(), server_ssl_config_); | 347 server_socket.Pass(), |
| 348 cert.get(), private_key.get(), SSLConfig()); |
| 347 } | 349 } |
| 348 | 350 |
| 349 FakeDataChannel channel_1_; | 351 FakeDataChannel channel_1_; |
| 350 FakeDataChannel channel_2_; | 352 FakeDataChannel channel_2_; |
| 351 SSLConfig client_ssl_config_; | |
| 352 SSLConfig server_ssl_config_; | |
| 353 scoped_ptr<SSLClientSocket> client_socket_; | 353 scoped_ptr<SSLClientSocket> client_socket_; |
| 354 scoped_ptr<SSLServerSocket> server_socket_; | 354 scoped_ptr<SSLServerSocket> server_socket_; |
| 355 ClientSocketFactory* socket_factory_; | 355 ClientSocketFactory* socket_factory_; |
| 356 scoped_ptr<MockCertVerifier> cert_verifier_; | 356 scoped_ptr<MockCertVerifier> cert_verifier_; |
| 357 scoped_ptr<TransportSecurityState> transport_security_state_; | 357 scoped_ptr<TransportSecurityState> transport_security_state_; |
| 358 }; | 358 }; |
| 359 | 359 |
| 360 // This test only executes creation of client and server sockets. This is to | 360 // This test only executes creation of client and server sockets. This is to |
| 361 // test that creation of sockets doesn't crash and have minimal code to run | 361 // test that creation of sockets doesn't crash and have minimal code to run |
| 362 // under valgrind in order to help debugging memory problems. | 362 // under valgrind in order to help debugging memory problems. |
| (...skipping 221 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 584 | 584 |
| 585 const char kKeyingLabelBad[] = "EXPERIMENTAL-server-socket-test-bad"; | 585 const char kKeyingLabelBad[] = "EXPERIMENTAL-server-socket-test-bad"; |
| 586 unsigned char client_bad[kKeyingMaterialSize]; | 586 unsigned char client_bad[kKeyingMaterialSize]; |
| 587 rv = client_socket_->ExportKeyingMaterial(kKeyingLabelBad, | 587 rv = client_socket_->ExportKeyingMaterial(kKeyingLabelBad, |
| 588 false, kKeyingContext, | 588 false, kKeyingContext, |
| 589 client_bad, sizeof(client_bad)); | 589 client_bad, sizeof(client_bad)); |
| 590 ASSERT_EQ(rv, OK); | 590 ASSERT_EQ(rv, OK); |
| 591 EXPECT_NE(0, memcmp(server_out, client_bad, sizeof(server_out))); | 591 EXPECT_NE(0, memcmp(server_out, client_bad, sizeof(server_out))); |
| 592 } | 592 } |
| 593 | 593 |
| 594 // Verifies that SSLConfig::require_ecdhe flags works properly. | |
| 595 TEST_F(SSLServerSocketTest, RequireEcdheFlag) { | |
| 596 // Disable all ECDHE suites on the client side. | |
| 597 uint16_t kEcdheCiphers[] = { | |
| 598 0xc007, // ECDHE_ECDSA_WITH_RC4_128_SHA | |
| 599 0xc009, // ECDHE_ECDSA_WITH_AES_128_CBC_SHA | |
| 600 0xc00a, // ECDHE_ECDSA_WITH_AES_256_CBC_SHA | |
| 601 0xc011, // ECDHE_RSA_WITH_RC4_128_SHA | |
| 602 0xc013, // ECDHE_RSA_WITH_AES_128_CBC_SHA | |
| 603 0xc014, // ECDHE_RSA_WITH_AES_256_CBC_SHA | |
| 604 0xc02b, // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | |
| 605 0xc02f, // ECDHE_RSA_WITH_AES_128_GCM_SHA256 | |
| 606 0xcc13, // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | |
| 607 0xcc14, // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | |
| 608 }; | |
| 609 client_ssl_config_.disabled_cipher_suites.assign( | |
| 610 kEcdheCiphers, kEcdheCiphers + arraysize(kEcdheCiphers)); | |
| 611 | |
| 612 // Require ECDHE on the server. | |
| 613 server_ssl_config_.require_ecdhe = true; | |
| 614 | |
| 615 Initialize(); | |
| 616 | |
| 617 TestCompletionCallback connect_callback; | |
| 618 TestCompletionCallback handshake_callback; | |
| 619 | |
| 620 int client_ret = client_socket_->Connect(connect_callback.callback()); | |
| 621 int server_ret = server_socket_->Handshake(handshake_callback.callback()); | |
| 622 | |
| 623 client_ret = connect_callback.GetResult(client_ret); | |
| 624 server_ret = handshake_callback.GetResult(client_ret); | |
| 625 | |
| 626 ASSERT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, client_ret); | |
| 627 ASSERT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, server_ret); | |
| 628 } | |
| 629 | |
| 630 } // namespace net | 594 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1131573005:
Revert of Use cert config options in SSLServerSocketOpenSSL. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master