Index: net/socket/ssl_client_socket_unittest.cc |
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc |
index 06be299a729d085e3ddf015f21436828e9321b63..26c5f86c381209710dacb31b38a666eeb2dc8e99 100644 |
--- a/net/socket/ssl_client_socket_unittest.cc |
+++ b/net/socket/ssl_client_socket_unittest.cc |
@@ -2584,6 +2584,57 @@ TEST_F(SSLClientSocketTest, RequireECDHE) { |
EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); |
} |
+TEST_F(SSLClientSocketChannelIDTest, TokenBindingEnabled) { |
+ SpawnedTestServer::SSLOptions ssl_options; |
+ ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256); |
+ ssl_options.disable_channel_id = true; |
+ ASSERT_TRUE(StartTestServer(ssl_options)); |
+ |
+ EnableChannelID(); |
davidben
2015/11/04 00:40:36
Is there actually any need to EnableChannelID in t
nharper
2015/11/04 02:28:04
They were from when I needed a ChannelIDService (a
|
+ SSLConfig ssl_config; |
+ ssl_config.token_binding_enabled = true; |
+ |
+ int rv; |
+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
+ EXPECT_EQ(OK, rv); |
+ SSLInfo info; |
+ EXPECT_TRUE(sock_->GetSSLInfo(&info)); |
+ EXPECT_TRUE(info.token_binding_negotiated); |
+ EXPECT_EQ(TB_PARAM_ECDSAP256, info.token_binding_key_param); |
+} |
+ |
+TEST_F(SSLClientSocketChannelIDTest, TokenBindingFailsWithEmsDisabled) { |
+ SpawnedTestServer::SSLOptions ssl_options; |
+ ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256); |
+ ssl_options.disable_extended_master_secret = true; |
+ ssl_options.disable_channel_id = true; |
+ ASSERT_TRUE(StartTestServer(ssl_options)); |
+ |
+ EnableChannelID(); |
+ SSLConfig ssl_config; |
+ ssl_config.token_binding_enabled = true; |
+ |
+ int rv; |
+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
+ EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); |
+} |
+ |
+TEST_F(SSLClientSocketChannelIDTest, TokenBindingEnabledWithoutServerSupport) { |
+ SpawnedTestServer::SSLOptions ssl_options; |
+ ASSERT_TRUE(StartTestServer(ssl_options)); |
+ |
+ EnableChannelID(); |
+ SSLConfig ssl_config; |
+ ssl_config.token_binding_enabled = true; |
+ |
+ int rv; |
+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
+ EXPECT_EQ(OK, rv); |
+ SSLInfo info; |
+ EXPECT_TRUE(sock_->GetSSLInfo(&info)); |
+ EXPECT_FALSE(info.token_binding_negotiated); |
+} |
+ |
// In tests requiring NPN, client_config.alpn_protos and |
// client_config.npn_protos both need to be set when using NSS, otherwise NPN is |
// disabled due to quirks of the implementation. |