Index: net/socket/ssl_client_socket_unittest.cc |
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc |
index bb94cac53e44ffbe8f49477ccdb5a50b269ffb78..6ab7f7698dcf5578ea0aa3a0db605fbba8d97a07 100644 |
--- a/net/socket/ssl_client_socket_unittest.cc |
+++ b/net/socket/ssl_client_socket_unittest.cc |
@@ -3131,6 +3131,45 @@ TEST_F(SSLClientSocketTest, RequireECDHE) { |
EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); |
} |
+TEST_F(SSLClientSocketChannelIDTest, TokenBindingEnabled) { |
davidben
2015/10/15 21:52:09
You're not using any of the Channel ID test harnes
nharper
2015/10/20 22:52:19
I'm using EnableChannelID from SSLClientSocketChan
|
+ SpawnedTestServer::SSLOptions ssl_options; |
+ ssl_options.supported_token_binding_params.push_back( |
+ TB_PARAM_ECDSAP256_SHA256); |
+ ssl_options.disable_channel_id = true; |
+ ASSERT_TRUE(ConnectToTestServer(ssl_options)); |
+ |
+ EnableChannelID(); |
+ SSLConfig ssl_config; |
+ ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256_SHA256); |
+ ssl_config.channel_id_enabled = true; |
+ |
+ int rv; |
+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
+ EXPECT_EQ(OK, rv); |
+ SSLInfo info; |
+ EXPECT_TRUE(sock_->GetSSLInfo(&info)); |
+ EXPECT_TRUE(info.token_binding_negotiated); |
+ EXPECT_EQ(TB_PARAM_ECDSAP256_SHA256, info.token_binding_key_param); |
+} |
+ |
+TEST_F(SSLClientSocketChannelIDTest, TokenBindingFailsWithEmsDisabled) { |
davidben
2015/10/15 21:52:09
Ditto.
nharper
2015/10/20 22:52:19
Ditto.
|
+ SpawnedTestServer::SSLOptions ssl_options; |
+ ssl_options.supported_token_binding_params.push_back( |
+ TB_PARAM_ECDSAP256_SHA256); |
+ ssl_options.disable_extended_master_secret = true; |
+ ssl_options.disable_channel_id = true; |
+ ASSERT_TRUE(ConnectToTestServer(ssl_options)); |
+ |
+ EnableChannelID(); |
+ SSLConfig ssl_config; |
+ ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256_SHA256); |
+ ssl_config.channel_id_enabled = true; |
+ |
+ int rv; |
+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
+ EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); |
+} |
+ |
davidben
2015/10/15 21:52:09
Think it's worth having a test with where TB just
nharper
2015/10/20 22:52:19
I don't see any harm in adding that test. ASan did
|
TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { |
// False Start requires NPN/ALPN, ECDHE, and an AEAD. |
SpawnedTestServer::SSLOptions server_options; |