Index: net/socket/ssl_client_socket_unittest.cc |
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc |
index 77a0aab72aeb2fc5cb65696e72fbd5d7e3127e47..d5d91c6adb7502fff348e54b8e60b8a5747b88b2 100644 |
--- a/net/socket/ssl_client_socket_unittest.cc |
+++ b/net/socket/ssl_client_socket_unittest.cc |
@@ -3158,6 +3158,44 @@ TEST_F(SSLClientSocketTest, RequireECDHE) { |
EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); |
} |
+TEST_F(SSLClientSocketChannelIDTest, TokenBindingEnabled) { |
+ SpawnedTestServer::SSLOptions ssl_options; |
+ ssl_options.supported_token_binding_params.push_back( |
+ TB_PARAM_ECDSAP256_SHA256); |
+ ssl_options.disable_channel_id = true; |
+ ASSERT_TRUE(ConnectToTestServer(ssl_options)); |
+ |
+ EnableChannelID(); |
+ SSLConfig ssl_config; |
+ ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256_SHA256); |
+ ssl_config.channel_id_enabled = true; |
+ |
+ int rv; |
+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
+ EXPECT_EQ(OK, rv); |
+ SSLInfo info; |
+ EXPECT_TRUE(sock_->GetSSLInfo(&info)); |
+ EXPECT_TRUE(info.token_binding_negotiated); |
+} |
+ |
+TEST_F(SSLClientSocketChannelIDTest, TokenBindingFailsWithEmsDisabled) { |
+ SpawnedTestServer::SSLOptions ssl_options; |
+ ssl_options.supported_token_binding_params.push_back( |
+ TB_PARAM_ECDSAP256_SHA256); |
+ ssl_options.disable_extended_master_secret = true; |
+ ssl_options.disable_channel_id = true; |
+ ASSERT_TRUE(ConnectToTestServer(ssl_options)); |
+ |
+ EnableChannelID(); |
+ SSLConfig ssl_config; |
+ ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256_SHA256); |
+ ssl_config.channel_id_enabled = true; |
+ |
+ int rv; |
+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
+ EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); |
+} |
+ |
TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { |
if (!SupportsAESGCM()) { |
LOG(WARNING) << "Skipping test because AES-GCM is not supported."; |