net/socket/ssl_client_socket_unittest.cc - Issue 1360633002: Implement Token Binding negotiation TLS extension

Unified Diff: net/socket/ssl_client_socket_unittest.cc

Issue 1360633002: Implement Token Binding negotiation TLS extension (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@test-server-flags

Patch Set: Rip out TB key lookup from SSLClientSocketOpenSSL; fold TokenBindingExtension class into SSLClientS… Created 5 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/socket/ssl_client_socket_unittest.cc

diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc

index bb94cac53e44ffbe8f49477ccdb5a50b269ffb78..6ab7f7698dcf5578ea0aa3a0db605fbba8d97a07 100644

--- a/net/socket/ssl_client_socket_unittest.cc

+++ b/net/socket/ssl_client_socket_unittest.cc

@@ -3131,6 +3131,45 @@ TEST_F(SSLClientSocketTest, RequireECDHE) {

EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv);

}

+TEST_F(SSLClientSocketChannelIDTest, TokenBindingEnabled) {

davidben 2015/10/15 21:52:09 You're not using any of the Channel ID test harnes

nharper 2015/10/20 22:52:19 I'm using EnableChannelID from SSLClientSocketChan

+ SpawnedTestServer::SSLOptions ssl_options;

+ ssl_options.supported_token_binding_params.push_back(

+ TB_PARAM_ECDSAP256_SHA256);

+ ssl_options.disable_channel_id = true;

+ ASSERT_TRUE(ConnectToTestServer(ssl_options));

+ EnableChannelID();

+ SSLConfig ssl_config;

+ ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256_SHA256);

+ ssl_config.channel_id_enabled = true;

+ int rv;

+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));

+ EXPECT_EQ(OK, rv);

+ SSLInfo info;

+ EXPECT_TRUE(sock_->GetSSLInfo(&info));

+ EXPECT_TRUE(info.token_binding_negotiated);

+ EXPECT_EQ(TB_PARAM_ECDSAP256_SHA256, info.token_binding_key_param);

+TEST_F(SSLClientSocketChannelIDTest, TokenBindingFailsWithEmsDisabled) {

davidben 2015/10/15 21:52:09 Ditto.

nharper 2015/10/20 22:52:19 Ditto.

+ SpawnedTestServer::SSLOptions ssl_options;

+ ssl_options.supported_token_binding_params.push_back(

+ TB_PARAM_ECDSAP256_SHA256);

+ ssl_options.disable_extended_master_secret = true;

+ ssl_options.disable_channel_id = true;

+ ASSERT_TRUE(ConnectToTestServer(ssl_options));

+ EnableChannelID();

+ SSLConfig ssl_config;

+ ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256_SHA256);

+ ssl_config.channel_id_enabled = true;

+ int rv;

+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));

+ EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv);

davidben 2015/10/15 21:52:09 Think it's worth having a test with where TB just

nharper 2015/10/20 22:52:19 I don't see any harm in adding that test. ASan did

TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) {

// False Start requires NPN/ALPN, ECDHE, and an AEAD.

SpawnedTestServer::SSLOptions server_options;

« net/socket/ssl_client_socket_openssl.cc ('K') | « net/socket/ssl_client_socket_openssl.cc ('k') | net/ssl/ssl_config.h » ('j') | net/ssl/ssl_info.cc » ('J')