Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(512)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_unittest.cc

Issue 1360633002: Implement Token Binding negotiation TLS extension (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@test-server-flags
Patch Set: Rip out TB key lookup from SSLClientSocketOpenSSL; fold TokenBindingExtension class into SSLClientS… Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/socket/ssl_client_socket_openssl.cc ('K') | « net/socket/ssl_client_socket_openssl.cc ('k') | net/ssl/ssl_config.h » ('j') | net/ssl/ssl_info.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_client_socket.h" 5 #include "net/socket/ssl_client_socket.h"
6 6
7 #include "base/callback_helpers.h" 7 #include "base/callback_helpers.h"
8 #include "base/location.h" 8 #include "base/location.h"
9 #include "base/memory/ref_counted.h" 9 #include "base/memory/ref_counted.h"
10 #include "base/run_loop.h" 10 #include "base/run_loop.h"
(...skipping 3113 matching lines...) Expand 10 before | Expand all | Expand 10 after
3124 3124
3125 scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket( 3125 scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
3126 transport.Pass(), test_server.host_port_pair(), config)); 3126 transport.Pass(), test_server.host_port_pair(), config));
3127 3127
3128 rv = sock->Connect(callback.callback()); 3128 rv = sock->Connect(callback.callback());
3129 rv = callback.GetResult(rv); 3129 rv = callback.GetResult(rv);
3130 3130
3131 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); 3131 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv);
3132 } 3132 }
3133 3133
3134 TEST_F(SSLClientSocketChannelIDTest, TokenBindingEnabled) {
davidben 2015/10/15 21:52:09 You're not using any of the Channel ID test harnes
nharper 2015/10/20 22:52:19 I'm using EnableChannelID from SSLClientSocketChan
3135 SpawnedTestServer::SSLOptions ssl_options;
3136 ssl_options.supported_token_binding_params.push_back(
3137 TB_PARAM_ECDSAP256_SHA256);
3138 ssl_options.disable_channel_id = true;
3139 ASSERT_TRUE(ConnectToTestServer(ssl_options));
3140
3141 EnableChannelID();
3142 SSLConfig ssl_config;
3143 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256_SHA256);
3144 ssl_config.channel_id_enabled = true;
3145
3146 int rv;
3147 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3148 EXPECT_EQ(OK, rv);
3149 SSLInfo info;
3150 EXPECT_TRUE(sock_->GetSSLInfo(&info));
3151 EXPECT_TRUE(info.token_binding_negotiated);
3152 EXPECT_EQ(TB_PARAM_ECDSAP256_SHA256, info.token_binding_key_param);
3153 }
3154
3155 TEST_F(SSLClientSocketChannelIDTest, TokenBindingFailsWithEmsDisabled) {
davidben 2015/10/15 21:52:09 Ditto.
nharper 2015/10/20 22:52:19 Ditto.
3156 SpawnedTestServer::SSLOptions ssl_options;
3157 ssl_options.supported_token_binding_params.push_back(
3158 TB_PARAM_ECDSAP256_SHA256);
3159 ssl_options.disable_extended_master_secret = true;
3160 ssl_options.disable_channel_id = true;
3161 ASSERT_TRUE(ConnectToTestServer(ssl_options));
3162
3163 EnableChannelID();
3164 SSLConfig ssl_config;
3165 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256_SHA256);
3166 ssl_config.channel_id_enabled = true;
3167
3168 int rv;
3169 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3170 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv);
3171 }
3172
davidben 2015/10/15 21:52:09 Think it's worth having a test with where TB just
nharper 2015/10/20 22:52:19 I don't see any harm in adding that test. ASan did
3134 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { 3173 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) {
3135 // False Start requires NPN/ALPN, ECDHE, and an AEAD. 3174 // False Start requires NPN/ALPN, ECDHE, and an AEAD.
3136 SpawnedTestServer::SSLOptions server_options; 3175 SpawnedTestServer::SSLOptions server_options;
3137 server_options.key_exchanges = 3176 server_options.key_exchanges =
3138 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; 3177 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA;
3139 server_options.bulk_ciphers = 3178 server_options.bulk_ciphers =
3140 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; 3179 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
3141 server_options.enable_npn = true; 3180 server_options.enable_npn = true;
3142 SSLConfig client_config; 3181 SSLConfig client_config;
3143 client_config.next_protos.push_back(kProtoHTTP11); 3182 client_config.next_protos.push_back(kProtoHTTP11);
(...skipping 268 matching lines...) Expand 10 before | Expand all | Expand 10 after
3412 ssl_config.channel_id_enabled = true; 3451 ssl_config.channel_id_enabled = true;
3413 3452
3414 int rv; 3453 int rv;
3415 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 3454 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3416 3455
3417 EXPECT_EQ(ERR_UNEXPECTED, rv); 3456 EXPECT_EQ(ERR_UNEXPECTED, rv);
3418 EXPECT_FALSE(sock_->IsConnected()); 3457 EXPECT_FALSE(sock_->IsConnected());
3419 } 3458 }
3420 3459
3421 } // namespace net 3460 } // namespace net
OLDNEW
« net/socket/ssl_client_socket_openssl.cc ('K') | « net/socket/ssl_client_socket_openssl.cc ('k') | net/ssl/ssl_config.h » ('j') | net/ssl/ssl_info.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698