OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
6 | 6 |
7 #include "base/callback_helpers.h" | 7 #include "base/callback_helpers.h" |
8 #include "base/location.h" | 8 #include "base/location.h" |
9 #include "base/memory/ref_counted.h" | 9 #include "base/memory/ref_counted.h" |
10 #include "base/run_loop.h" | 10 #include "base/run_loop.h" |
(...skipping 2566 matching lines...) | |
2577 ssl_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; | 2577 ssl_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; |
2578 ASSERT_TRUE(StartTestServer(ssl_options)); | 2578 ASSERT_TRUE(StartTestServer(ssl_options)); |
2579 | 2579 |
2580 SSLConfig config; | 2580 SSLConfig config; |
2581 config.require_ecdhe = true; | 2581 config.require_ecdhe = true; |
2582 int rv; | 2582 int rv; |
2583 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv)); | 2583 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv)); |
2584 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); | 2584 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); |
2585 } | 2585 } |
2586 | 2586 |
2587 TEST_F(SSLClientSocketChannelIDTest, TokenBindingEnabled) { | |
2588 SpawnedTestServer::SSLOptions ssl_options; | |
2589 ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256); | |
2590 ssl_options.disable_channel_id = true; | |
2591 ASSERT_TRUE(StartTestServer(ssl_options)); | |
2592 | |
2593 EnableChannelID(); | |
davidben
2015/11/04 00:40:36
Is there actually any need to EnableChannelID in t
nharper
2015/11/04 02:28:04
They were from when I needed a ChannelIDService (a
| |
2594 SSLConfig ssl_config; | |
2595 ssl_config.token_binding_enabled = true; | |
2596 | |
2597 int rv; | |
2598 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
2599 EXPECT_EQ(OK, rv); | |
2600 SSLInfo info; | |
2601 EXPECT_TRUE(sock_->GetSSLInfo(&info)); | |
2602 EXPECT_TRUE(info.token_binding_negotiated); | |
2603 EXPECT_EQ(TB_PARAM_ECDSAP256, info.token_binding_key_param); | |
2604 } | |
2605 | |
2606 TEST_F(SSLClientSocketChannelIDTest, TokenBindingFailsWithEmsDisabled) { | |
2607 SpawnedTestServer::SSLOptions ssl_options; | |
2608 ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256); | |
2609 ssl_options.disable_extended_master_secret = true; | |
2610 ssl_options.disable_channel_id = true; | |
2611 ASSERT_TRUE(StartTestServer(ssl_options)); | |
2612 | |
2613 EnableChannelID(); | |
2614 SSLConfig ssl_config; | |
2615 ssl_config.token_binding_enabled = true; | |
2616 | |
2617 int rv; | |
2618 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
2619 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | |
2620 } | |
2621 | |
2622 TEST_F(SSLClientSocketChannelIDTest, TokenBindingEnabledWithoutServerSupport) { | |
2623 SpawnedTestServer::SSLOptions ssl_options; | |
2624 ASSERT_TRUE(StartTestServer(ssl_options)); | |
2625 | |
2626 EnableChannelID(); | |
2627 SSLConfig ssl_config; | |
2628 ssl_config.token_binding_enabled = true; | |
2629 | |
2630 int rv; | |
2631 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
2632 EXPECT_EQ(OK, rv); | |
2633 SSLInfo info; | |
2634 EXPECT_TRUE(sock_->GetSSLInfo(&info)); | |
2635 EXPECT_FALSE(info.token_binding_negotiated); | |
2636 } | |
2637 | |
2587 // In tests requiring NPN, client_config.alpn_protos and | 2638 // In tests requiring NPN, client_config.alpn_protos and |
2588 // client_config.npn_protos both need to be set when using NSS, otherwise NPN is | 2639 // client_config.npn_protos both need to be set when using NSS, otherwise NPN is |
2589 // disabled due to quirks of the implementation. | 2640 // disabled due to quirks of the implementation. |
2590 | 2641 |
2591 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { | 2642 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { |
2592 // False Start requires NPN/ALPN, ECDHE, and an AEAD. | 2643 // False Start requires NPN/ALPN, ECDHE, and an AEAD. |
2593 SpawnedTestServer::SSLOptions server_options; | 2644 SpawnedTestServer::SSLOptions server_options; |
2594 server_options.key_exchanges = | 2645 server_options.key_exchanges = |
2595 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2646 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
2596 server_options.bulk_ciphers = | 2647 server_options.bulk_ciphers = |
(...skipping 418 matching lines...) | |
3015 int rv; | 3066 int rv; |
3016 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | 3067 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
3017 EXPECT_EQ(OK, rv); | 3068 EXPECT_EQ(OK, rv); |
3018 | 3069 |
3019 std::string proto; | 3070 std::string proto; |
3020 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, | 3071 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, |
3021 sock_->GetNextProto(&proto)); | 3072 sock_->GetNextProto(&proto)); |
3022 } | 3073 } |
3023 | 3074 |
3024 } // namespace net | 3075 } // namespace net |
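Review bot: TokenBindingFailsWithEmsDisabled (new lines 2606-2620) asserts only `ERR_SSL_PROTOCOL_ERROR` and has no comment explaining why the handshake has to fail, so the test would still pass if the connection broke for a reason unrelated to Token Binding. A comment above the test such as `// Token Binding must not be negotiated without Extended Master Secret; the client has to abort the handshake.` would record the security property being pinned, presumably that the binding is only meaningful when the session keying material is unique to the connection. A control, either in the same test if the fixture allows a second connection or as a sibling test, that connects to the same server options with `token_binding_enabled` left unset and expects `OK` would show that the failure comes from the Token Binding check rather than from the server configuration. The visible tests also do not cover the reverse of TokenBindingEnabledWithoutServerSupport: a server that offers `TB_PARAM_ECDSAP256` while the client has not enabled Token Binding, where `info.token_binding_negotiated` should stay false.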