
Side by Side Diff: net/socket/ssl_client_socket_unittest.cc

Issue 1191623002: Require ECDHE cipher in remoting client. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 6 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_client_socket.h" 5 #include "net/socket/ssl_client_socket.h"
6 6
7 #include "base/callback_helpers.h" 7 #include "base/callback_helpers.h"
8 #include "base/location.h" 8 #include "base/location.h"
9 #include "base/memory/ref_counted.h" 9 #include "base/memory/ref_counted.h"
10 #include "base/run_loop.h" 10 #include "base/run_loop.h"
(...skipping 3086 matching lines...) Expand 10 before | Expand all | Expand 10 after
3097 // However, enabling deprecated ciphers connects fresh. 3097 // However, enabling deprecated ciphers connects fresh.
3098 transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source())); 3098 transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source()));
3099 EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback()))); 3099 EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
3100 sock = CreateSSLClientSocket( 3100 sock = CreateSSLClientSocket(
3101 transport.Pass(), test_server()->host_port_pair(), deprecated_ssl_config); 3101 transport.Pass(), test_server()->host_port_pair(), deprecated_ssl_config);
3102 EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback()))); 3102 EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
3103 EXPECT_TRUE(sock->GetSSLInfo(&ssl_info)); 3103 EXPECT_TRUE(sock->GetSSLInfo(&ssl_info));
3104 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); 3104 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3105 } 3105 }
3106 3106
3107 TEST_F(SSLClientSocketTest, RequireECDHE) {
3108 // Run test server without ECDHE.
3109 SpawnedTestServer::SSLOptions ssl_options(
3110 SpawnedTestServer::SSLOptions::CERT_MISMATCHED_NAME);
davidben 2015/06/16 19:18:21 This should just be the parameterless one I think.
Sergey Ulanov 2015/06/16 19:29:07 Done
3111 ssl_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA;
3112 SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, ssl_options,
3113 base::FilePath());
3114 ASSERT_TRUE(test_server.Start());
3115
3116 AddressList addr;
3117 ASSERT_TRUE(test_server.GetAddressList(&addr));
3118
3119 TestCompletionCallback callback;
3120 TestNetLog log;
3121 scoped_ptr<StreamSocket> transport(
3122 new TCPClientSocket(addr, &log, NetLog::Source()));
3123 int rv = transport->Connect(callback.callback());
3124 if (rv == ERR_IO_PENDING)
3125 rv = callback.WaitForResult();
davidben 2015/06/16 19:18:21 Nit: This can be int rv = ....(callback.callbac
Sergey Ulanov 2015/06/16 19:29:07 Done.
3126 EXPECT_EQ(OK, rv);
3127
3128 SSLConfig config;
3129 config.require_ecdhe = true;
3130
3131 scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
3132 transport.Pass(), test_server.host_port_pair(), config));
3133
3134 rv = sock->Connect(callback.callback());
3135
3136 if (rv == ERR_IO_PENDING)
3137 rv = callback.WaitForResult();
3138
3139 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv);
3140 }
3141
3107 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { 3142 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) {
3108 if (!SupportsAESGCM()) { 3143 if (!SupportsAESGCM()) {
3109 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; 3144 LOG(WARNING) << "Skipping test because AES-GCM is not supported.";
3110 return; 3145 return;
3111 } 3146 }
3112 3147
3113 // False Start requires NPN/ALPN, ECDHE, and an AEAD. 3148 // False Start requires NPN/ALPN, ECDHE, and an AEAD.
3114 SpawnedTestServer::SSLOptions server_options; 3149 SpawnedTestServer::SSLOptions server_options;
3115 server_options.key_exchanges = 3150 server_options.key_exchanges =
3116 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; 3151 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA;
(...skipping 303 matching lines...) Expand 10 before | Expand all | Expand 10 after
3420 ssl_config.channel_id_enabled = true; 3455 ssl_config.channel_id_enabled = true;
3421 3456
3422 int rv; 3457 int rv;
3423 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 3458 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3424 3459
3425 EXPECT_EQ(ERR_UNEXPECTED, rv); 3460 EXPECT_EQ(ERR_UNEXPECTED, rv);
3426 EXPECT_FALSE(sock_->IsConnected()); 3461 EXPECT_FALSE(sock_->IsConnected());
3427 } 3462 }
3428 3463
3429 } // namespace net 3464 } // namespace net
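Review bot: RequireECDHE (new lines 3107-3140) asserts only the rejection path, so it would also pass if `require_ecdhe = true` broke every handshake, for example by leaving the client with no usable cipher suites, or if the RSA-only server failed the handshake for an unrelated reason. Add a positive companion that uses the same client config against a server set to `KEY_EXCHANGE_ECDHE_RSA` and expects `OK`, which shows the flag filters key exchanges rather than disabling TLS. Separately, the TCP connect check at new line 3126 should be `ASSERT_EQ(OK, rv);` so that a transport failure stops the test instead of surfacing later as a misleading TLS error. The sketch below assumes the test server can negotiate ECDHE_RSA with the default client cipher list, as the FalseStart test on this page suggests.

```cpp
// Companion to RequireECDHE: the same client config must still connect when
// the server offers an ECDHE key exchange.
TEST_F(SSLClientSocketTest, RequireECDHEAllowsECDHEServer) {
  SpawnedTestServer::SSLOptions ssl_options;
  ssl_options.key_exchanges =
      SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA;
  // … same server start, address lookup and TCP connect as RequireECDHE …

  SSLConfig config;
  config.require_ecdhe = true;
  scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
      transport.Pass(), test_server.host_port_pair(), config));
  EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
}
```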