Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(358)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/ssl_client_socket_unittest.cc

Issue 1360633002: Implement Token Binding negotiation TLS extension (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@test-server-flags
Patch Set: respond to comments Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/socket/ssl_client_socket_openssl.cc ('K') | « net/socket/ssl_client_socket_openssl.cc ('k') | net/ssl/ssl_config.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_unittest.cc
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc
index 06be299a729d085e3ddf015f21436828e9321b63..08be390b7630e88da495678919b5724532edcd1d 100644
--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -2584,6 +2584,54 @@ TEST_F(SSLClientSocketTest, RequireECDHE) {
EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv);
}
+TEST_F(SSLClientSocketTest, TokenBindingEnabled) {
+ SpawnedTestServer::SSLOptions ssl_options;
+ ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256);
+ ssl_options.disable_channel_id = true;
davidben 2015/11/04 17:40:13 Not needed either. :-)
nharper 2015/11/04 19:43:19 Done.
+ ASSERT_TRUE(StartTestServer(ssl_options));
+
+ SSLConfig ssl_config;
+ ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256);
+
+ int rv;
+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
+ EXPECT_EQ(OK, rv);
+ SSLInfo info;
+ EXPECT_TRUE(sock_->GetSSLInfo(&info));
+ EXPECT_TRUE(info.token_binding_negotiated);
+ EXPECT_EQ(TB_PARAM_ECDSAP256, info.token_binding_key_param);
+}
+
+TEST_F(SSLClientSocketTest, TokenBindingFailsWithEmsDisabled) {
+ SpawnedTestServer::SSLOptions ssl_options;
+ ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256);
+ ssl_options.disable_extended_master_secret = true;
+ ssl_options.disable_channel_id = true;
davidben 2015/11/04 17:40:13 Ditto.
nharper 2015/11/04 19:43:19 Done.
+ ASSERT_TRUE(StartTestServer(ssl_options));
+
+ SSLConfig ssl_config;
+ ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256);
+
+ int rv;
+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
+ EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv);
+}
+
+TEST_F(SSLClientSocketTest, TokenBindingEnabledWithoutServerSupport) {
+ SpawnedTestServer::SSLOptions ssl_options;
+ ASSERT_TRUE(StartTestServer(ssl_options));
+
+ SSLConfig ssl_config;
+ ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256);
+
+ int rv;
+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
+ EXPECT_EQ(OK, rv);
+ SSLInfo info;
+ EXPECT_TRUE(sock_->GetSSLInfo(&info));
+ EXPECT_FALSE(info.token_binding_negotiated);
+}
+
// In tests requiring NPN, client_config.alpn_protos and
// client_config.npn_protos both need to be set when using NSS, otherwise NPN is
// disabled due to quirks of the implementation.
« net/socket/ssl_client_socket_openssl.cc ('K') | « net/socket/ssl_client_socket_openssl.cc ('k') | net/ssl/ssl_config.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698