OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <utility> | 5 #include <utility> |
6 | 6 |
7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
8 | 8 |
9 #if defined(OS_WIN) | 9 #if defined(OS_WIN) |
10 #include <windows.h> | 10 #include <windows.h> |
11 #include <shlobj.h> | 11 #include <shlobj.h> |
12 #endif | 12 #endif |
13 | 13 |
14 #include <stdint.h> | 14 #include <stdint.h> |
15 | 15 |
16 #include <algorithm> | 16 #include <algorithm> |
17 #include <limits> | 17 #include <limits> |
18 | 18 |
| 19 #include "base/base64url.h" |
19 #include "base/bind.h" | 20 #include "base/bind.h" |
20 #include "base/compiler_specific.h" | 21 #include "base/compiler_specific.h" |
21 #include "base/files/file_path.h" | 22 #include "base/files/file_path.h" |
22 #include "base/files/file_util.h" | 23 #include "base/files/file_util.h" |
23 #include "base/files/scoped_temp_dir.h" | 24 #include "base/files/scoped_temp_dir.h" |
24 #include "base/format_macros.h" | 25 #include "base/format_macros.h" |
25 #include "base/json/json_reader.h" | 26 #include "base/json/json_reader.h" |
26 #include "base/location.h" | 27 #include "base/location.h" |
27 #include "base/macros.h" | 28 #include "base/macros.h" |
28 #include "base/memory/scoped_ptr.h" | 29 #include "base/memory/scoped_ptr.h" |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
72 #include "net/http/http_network_session.h" | 73 #include "net/http/http_network_session.h" |
73 #include "net/http/http_request_headers.h" | 74 #include "net/http/http_request_headers.h" |
74 #include "net/http/http_response_headers.h" | 75 #include "net/http/http_response_headers.h" |
75 #include "net/http/http_util.h" | 76 #include "net/http/http_util.h" |
76 #include "net/log/net_log.h" | 77 #include "net/log/net_log.h" |
77 #include "net/log/test_net_log.h" | 78 #include "net/log/test_net_log.h" |
78 #include "net/log/test_net_log_entry.h" | 79 #include "net/log/test_net_log_entry.h" |
79 #include "net/log/test_net_log_util.h" | 80 #include "net/log/test_net_log_util.h" |
80 #include "net/proxy/proxy_service.h" | 81 #include "net/proxy/proxy_service.h" |
81 #include "net/socket/ssl_client_socket.h" | 82 #include "net/socket/ssl_client_socket.h" |
| 83 #include "net/ssl/channel_id_service.h" |
| 84 #include "net/ssl/default_channel_id_store.h" |
82 #include "net/ssl/ssl_cipher_suite_names.h" | 85 #include "net/ssl/ssl_cipher_suite_names.h" |
83 #include "net/ssl/ssl_connection_status_flags.h" | 86 #include "net/ssl/ssl_connection_status_flags.h" |
84 #include "net/ssl/ssl_server_config.h" | 87 #include "net/ssl/ssl_server_config.h" |
| 88 #include "net/ssl/token_binding.h" |
85 #include "net/test/cert_test_util.h" | 89 #include "net/test/cert_test_util.h" |
86 #include "net/test/embedded_test_server/embedded_test_server.h" | 90 #include "net/test/embedded_test_server/embedded_test_server.h" |
87 #include "net/test/embedded_test_server/http_request.h" | 91 #include "net/test/embedded_test_server/http_request.h" |
88 #include "net/test/embedded_test_server/http_response.h" | 92 #include "net/test/embedded_test_server/http_response.h" |
89 #include "net/test/spawned_test_server/spawned_test_server.h" | 93 #include "net/test/spawned_test_server/spawned_test_server.h" |
90 #include "net/test/url_request/url_request_failed_job.h" | 94 #include "net/test/url_request/url_request_failed_job.h" |
91 #include "net/url_request/data_protocol_handler.h" | 95 #include "net/url_request/data_protocol_handler.h" |
92 #include "net/url_request/static_http_user_agent_settings.h" | 96 #include "net/url_request/static_http_user_agent_settings.h" |
93 #include "net/url_request/url_request.h" | 97 #include "net/url_request/url_request.h" |
94 #include "net/url_request/url_request_filter.h" | 98 #include "net/url_request/url_request_filter.h" |
(...skipping 3268 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3363 scoped_ptr<test_server::BasicHttpResponse> http_response( | 3367 scoped_ptr<test_server::BasicHttpResponse> http_response( |
3364 new test_server::BasicHttpResponse); | 3368 new test_server::BasicHttpResponse); |
3365 http_response->set_code(HTTP_FOUND); | 3369 http_response->set_code(HTTP_FOUND); |
3366 http_response->AddCustomHeader("Location", | 3370 http_response->AddCustomHeader("Location", |
3367 "http://www.destination.com/foo.js"); | 3371 "http://www.destination.com/foo.js"); |
3368 return std::move(http_response); | 3372 return std::move(http_response); |
3369 } | 3373 } |
3370 | 3374 |
3371 } // namespace | 3375 } // namespace |
3372 | 3376 |
3373 // In this unit test, we're using the EmbeddedTestServer as a proxy server and | 3377 class TestSSLConfigService : public SSLConfigService { |
| 3378 public: |
| 3379 TestSSLConfigService(bool ev_enabled, |
| 3380 bool online_rev_checking, |
| 3381 bool rev_checking_required_local_anchors, |
| 3382 bool token_binding_enabled) |
| 3383 : ev_enabled_(ev_enabled), |
| 3384 online_rev_checking_(online_rev_checking), |
| 3385 rev_checking_required_local_anchors_( |
| 3386 rev_checking_required_local_anchors), |
| 3387 token_binding_enabled_(token_binding_enabled), |
| 3388 min_version_(kDefaultSSLVersionMin), |
| 3389 fallback_min_version_(kDefaultSSLVersionFallbackMin) {} |
| 3390 |
| 3391 void set_min_version(uint16_t version) { min_version_ = version; } |
| 3392 |
| 3393 void set_fallback_min_version(uint16_t version) { |
| 3394 fallback_min_version_ = version; |
| 3395 } |
| 3396 |
| 3397 // SSLConfigService: |
| 3398 void GetSSLConfig(SSLConfig* config) override { |
| 3399 *config = SSLConfig(); |
| 3400 config->rev_checking_enabled = online_rev_checking_; |
| 3401 config->verify_ev_cert = ev_enabled_; |
| 3402 config->rev_checking_required_local_anchors = |
| 3403 rev_checking_required_local_anchors_; |
| 3404 if (fallback_min_version_) { |
| 3405 config->version_fallback_min = fallback_min_version_; |
| 3406 } |
| 3407 if (min_version_) { |
| 3408 config->version_min = min_version_; |
| 3409 } |
| 3410 if (token_binding_enabled_) { |
| 3411 config->token_binding_params.push_back(TB_PARAM_ECDSAP256); |
| 3412 } |
| 3413 } |
| 3414 |
| 3415 protected: |
| 3416 ~TestSSLConfigService() override {} |
| 3417 |
| 3418 private: |
| 3419 const bool ev_enabled_; |
| 3420 const bool online_rev_checking_; |
| 3421 const bool rev_checking_required_local_anchors_; |
| 3422 const bool token_binding_enabled_; |
| 3423 uint16_t min_version_; |
| 3424 uint16_t fallback_min_version_; |
| 3425 }; |
| 3426 |
| 3427 // TODO(svaldez): Update tests to use EmbeddedTestServer. |
| 3428 #if !defined(OS_IOS) |
| 3429 class TokenBindingURLRequestTest : public URLRequestTestHTTP { |
| 3430 public: |
| 3431 void SetUp() override { |
| 3432 default_context_.set_ssl_config_service( |
| 3433 new TestSSLConfigService(false, false, false, true)); |
| 3434 channel_id_service_.reset(new ChannelIDService( |
| 3435 new DefaultChannelIDStore(NULL), base::ThreadTaskRunnerHandle::Get())); |
| 3436 default_context_.set_channel_id_service(channel_id_service_.get()); |
| 3437 URLRequestTestHTTP::SetUp(); |
| 3438 } |
| 3439 |
| 3440 protected: |
| 3441 scoped_ptr<ChannelIDService> channel_id_service_; |
| 3442 }; |
| 3443 |
| 3444 TEST_F(TokenBindingURLRequestTest, TokenBindingTest) { |
| 3445 SpawnedTestServer::SSLOptions ssl_options; |
| 3446 ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256); |
| 3447 SpawnedTestServer https_test_server(SpawnedTestServer::TYPE_HTTPS, |
| 3448 ssl_options, |
| 3449 base::FilePath(kTestFilePath)); |
| 3450 ASSERT_TRUE(https_test_server.Start()); |
| 3451 |
| 3452 TestDelegate d; |
| 3453 { |
| 3454 scoped_ptr<URLRequest> r(default_context_.CreateRequest( |
| 3455 https_test_server.GetURL("tokbind-ekm"), DEFAULT_PRIORITY, &d)); |
| 3456 r->Start(); |
| 3457 EXPECT_TRUE(r->is_pending()); |
| 3458 |
| 3459 base::RunLoop().Run(); |
| 3460 |
| 3461 EXPECT_EQ(URLRequestStatus::SUCCESS, r->status().status()); |
| 3462 |
| 3463 HttpRequestHeaders headers; |
| 3464 std::string token_binding_header, token_binding_message; |
| 3465 EXPECT_TRUE(r->GetFullRequestHeaders(&headers)); |
| 3466 EXPECT_TRUE(headers.GetHeader(HttpRequestHeaders::kTokenBinding, |
| 3467 &token_binding_header)); |
| 3468 EXPECT_TRUE(base::Base64UrlDecode( |
| 3469 token_binding_header, base::Base64UrlDecodePolicy::REQUIRE_PADDING, |
| 3470 &token_binding_message)); |
| 3471 base::StringPiece ec_point, signature; |
| 3472 EXPECT_TRUE( |
| 3473 ParseTokenBindingMessage(token_binding_message, &ec_point, &signature)); |
| 3474 |
| 3475 EXPECT_GT(d.bytes_received(), 0); |
| 3476 std::string ekm = d.data_received(); |
| 3477 |
| 3478 EXPECT_TRUE(VerifyEKMSignature(ec_point, signature, ekm)); |
| 3479 } |
| 3480 } |
| 3481 #endif // !defined(OS_IOS) |
| 3482 |
| 3483 // In this unit test, we're using the HTTPTestServer as a proxy server and |
3374 // issuing a CONNECT request with the magic host name "www.redirect.com". | 3484 // issuing a CONNECT request with the magic host name "www.redirect.com". |
3375 // The EmbeddedTestServer will return a 302 response, which we should not | 3485 // The EmbeddedTestServer will return a 302 response, which we should not |
3376 // follow. | 3486 // follow. |
3377 TEST_F(URLRequestTestHTTP, ProxyTunnelRedirectTest) { | 3487 TEST_F(URLRequestTestHTTP, ProxyTunnelRedirectTest) { |
3378 http_test_server()->RegisterRequestHandler( | 3488 http_test_server()->RegisterRequestHandler( |
3379 base::Bind(&HandleRedirectConnect)); | 3489 base::Bind(&HandleRedirectConnect)); |
3380 ASSERT_TRUE(http_test_server()->Start()); | 3490 ASSERT_TRUE(http_test_server()->Start()); |
3381 | 3491 |
3382 TestNetworkDelegate network_delegate; // Must outlive URLRequest. | 3492 TestNetworkDelegate network_delegate; // Must outlive URLRequest. |
3383 TestURLRequestContextWithProxy context( | 3493 TestURLRequestContextWithProxy context( |
(...skipping 5137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
8521 for (size_t i = 0; i < lines.size(); i++) { | 8631 for (size_t i = 0; i < lines.size(); i++) { |
8522 int cipher_suite; | 8632 int cipher_suite; |
8523 ASSERT_TRUE(base::StringToInt(lines[i], &cipher_suite)); | 8633 ASSERT_TRUE(base::StringToInt(lines[i], &cipher_suite)); |
8524 EXPECT_FALSE(IsECDSACipherSuite(cipher_suite)) | 8634 EXPECT_FALSE(IsECDSACipherSuite(cipher_suite)) |
8525 << "ClientHello advertised " << cipher_suite; | 8635 << "ClientHello advertised " << cipher_suite; |
8526 } | 8636 } |
8527 } | 8637 } |
8528 | 8638 |
8529 #endif // OS_WIN | 8639 #endif // OS_WIN |
8530 | 8640 |
8531 class TestSSLConfigService : public SSLConfigService { | |
8532 public: | |
8533 TestSSLConfigService(bool ev_enabled, | |
8534 bool online_rev_checking, | |
8535 bool rev_checking_required_local_anchors) | |
8536 : ev_enabled_(ev_enabled), | |
8537 online_rev_checking_(online_rev_checking), | |
8538 rev_checking_required_local_anchors_( | |
8539 rev_checking_required_local_anchors), | |
8540 min_version_(kDefaultSSLVersionMin), | |
8541 fallback_min_version_(kDefaultSSLVersionFallbackMin) {} | |
8542 | |
8543 void set_min_version(uint16_t version) { min_version_ = version; } | |
8544 | |
8545 void set_fallback_min_version(uint16_t version) { | |
8546 fallback_min_version_ = version; | |
8547 } | |
8548 | |
8549 // SSLConfigService: | |
8550 void GetSSLConfig(SSLConfig* config) override { | |
8551 *config = SSLConfig(); | |
8552 config->rev_checking_enabled = online_rev_checking_; | |
8553 config->verify_ev_cert = ev_enabled_; | |
8554 config->rev_checking_required_local_anchors = | |
8555 rev_checking_required_local_anchors_; | |
8556 if (fallback_min_version_) { | |
8557 config->version_fallback_min = fallback_min_version_; | |
8558 } | |
8559 if (min_version_) { | |
8560 config->version_min = min_version_; | |
8561 } | |
8562 } | |
8563 | |
8564 protected: | |
8565 ~TestSSLConfigService() override {} | |
8566 | |
8567 private: | |
8568 const bool ev_enabled_; | |
8569 const bool online_rev_checking_; | |
8570 const bool rev_checking_required_local_anchors_; | |
8571 uint16_t min_version_; | |
8572 uint16_t fallback_min_version_; | |
8573 }; | |
8574 | |
8575 class FallbackTestURLRequestContext : public TestURLRequestContext { | 8641 class FallbackTestURLRequestContext : public TestURLRequestContext { |
8576 public: | 8642 public: |
8577 explicit FallbackTestURLRequestContext(bool delay_initialization) | 8643 explicit FallbackTestURLRequestContext(bool delay_initialization) |
8578 : TestURLRequestContext(delay_initialization) {} | 8644 : TestURLRequestContext(delay_initialization) {} |
8579 | 8645 |
8580 void set_fallback_min_version(uint16_t version) { | 8646 void set_fallback_min_version(uint16_t version) { |
8581 TestSSLConfigService *ssl_config_service = | 8647 TestSSLConfigService* ssl_config_service = new TestSSLConfigService( |
8582 new TestSSLConfigService(true /* check for EV */, | 8648 true /* check for EV */, false /* online revocation checking */, |
8583 false /* online revocation checking */, | 8649 false /* require rev. checking for local |
8584 false /* require rev. checking for local | 8650 anchors */, |
8585 anchors */); | 8651 false /* token binding enabled */); |
8586 ssl_config_service->set_fallback_min_version(version); | 8652 ssl_config_service->set_fallback_min_version(version); |
8587 set_ssl_config_service(ssl_config_service); | 8653 set_ssl_config_service(ssl_config_service); |
8588 } | 8654 } |
8589 }; | 8655 }; |
8590 | 8656 |
8591 class HTTPSFallbackTest : public testing::Test { | 8657 class HTTPSFallbackTest : public testing::Test { |
8592 public: | 8658 public: |
8593 HTTPSFallbackTest() : context_(true) {} | 8659 HTTPSFallbackTest() : context_(true) {} |
8594 ~HTTPSFallbackTest() override {} | 8660 ~HTTPSFallbackTest() override {} |
8595 | 8661 |
(...skipping 354 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
8950 #if defined(USE_NSS_CERTS) || defined(OS_IOS) | 9016 #if defined(USE_NSS_CERTS) || defined(OS_IOS) |
8951 ShutdownNSSHttpIO(); | 9017 ShutdownNSSHttpIO(); |
8952 #endif | 9018 #endif |
8953 } | 9019 } |
8954 | 9020 |
8955 protected: | 9021 protected: |
8956 // SetupContext configures the URLRequestContext that will be used for making | 9022 // SetupContext configures the URLRequestContext that will be used for making |
8957 // connetions to testserver. This can be overridden in test subclasses for | 9023 // connetions to testserver. This can be overridden in test subclasses for |
8958 // different behaviour. | 9024 // different behaviour. |
8959 virtual void SetupContext(URLRequestContext* context) { | 9025 virtual void SetupContext(URLRequestContext* context) { |
8960 context->set_ssl_config_service( | 9026 context->set_ssl_config_service(new TestSSLConfigService( |
8961 new TestSSLConfigService(true /* check for EV */, | 9027 true /* check for EV */, true /* online revocation checking */, |
8962 true /* online revocation checking */, | 9028 false /* require rev. checking for local |
8963 false /* require rev. checking for local | 9029 anchors */, |
8964 anchors */)); | 9030 false /* token binding enabled */)); |
8965 } | 9031 } |
8966 | 9032 |
8967 scoped_ptr<ScopedTestRoot> test_root_; | 9033 scoped_ptr<ScopedTestRoot> test_root_; |
8968 TestURLRequestContext context_; | 9034 TestURLRequestContext context_; |
8969 scoped_ptr<ScopedTestEVPolicy> ev_test_policy_; | 9035 scoped_ptr<ScopedTestEVPolicy> ev_test_policy_; |
8970 }; | 9036 }; |
8971 | 9037 |
8972 static CertStatus ExpectedCertStatusForFailedOnlineRevocationCheck() { | 9038 static CertStatus ExpectedCertStatusForFailedOnlineRevocationCheck() { |
8973 #if defined(OS_WIN) | 9039 #if defined(OS_WIN) |
8974 // Windows can return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION but we don't | 9040 // Windows can return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION but we don't |
(...skipping 170 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
9145 DoConnection(ssl_options, &cert_status); | 9211 DoConnection(ssl_options, &cert_status); |
9146 | 9212 |
9147 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); | 9213 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); |
9148 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); | 9214 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); |
9149 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); | 9215 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); |
9150 } | 9216 } |
9151 | 9217 |
9152 class HTTPSHardFailTest : public HTTPSOCSPTest { | 9218 class HTTPSHardFailTest : public HTTPSOCSPTest { |
9153 protected: | 9219 protected: |
9154 void SetupContext(URLRequestContext* context) override { | 9220 void SetupContext(URLRequestContext* context) override { |
9155 context->set_ssl_config_service( | 9221 context->set_ssl_config_service(new TestSSLConfigService( |
9156 new TestSSLConfigService(false /* check for EV */, | 9222 false /* check for EV */, false /* online revocation checking */, |
9157 false /* online revocation checking */, | 9223 true /* require rev. checking for local |
9158 true /* require rev. checking for local | 9224 anchors */, |
9159 anchors */)); | 9225 false /* token binding enabled */)); |
9160 } | 9226 } |
9161 }; | 9227 }; |
9162 | 9228 |
9163 TEST_F(HTTPSHardFailTest, FailsOnOCSPInvalid) { | 9229 TEST_F(HTTPSHardFailTest, FailsOnOCSPInvalid) { |
9164 if (!SystemSupportsOCSP()) { | 9230 if (!SystemSupportsOCSP()) { |
9165 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; | 9231 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; |
9166 return; | 9232 return; |
9167 } | 9233 } |
9168 | 9234 |
9169 if (!SystemSupportsHardFailRevocationChecking()) { | 9235 if (!SystemSupportsHardFailRevocationChecking()) { |
(...skipping 12 matching lines...) Expand all Loading... |
9182 EXPECT_EQ(CERT_STATUS_REVOKED, | 9248 EXPECT_EQ(CERT_STATUS_REVOKED, |
9183 cert_status & CERT_STATUS_REVOKED); | 9249 cert_status & CERT_STATUS_REVOKED); |
9184 | 9250 |
9185 // Without a positive OCSP response, we shouldn't show the EV status. | 9251 // Without a positive OCSP response, we shouldn't show the EV status. |
9186 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); | 9252 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); |
9187 } | 9253 } |
9188 | 9254 |
9189 class HTTPSEVCRLSetTest : public HTTPSOCSPTest { | 9255 class HTTPSEVCRLSetTest : public HTTPSOCSPTest { |
9190 protected: | 9256 protected: |
9191 void SetupContext(URLRequestContext* context) override { | 9257 void SetupContext(URLRequestContext* context) override { |
9192 context->set_ssl_config_service( | 9258 context->set_ssl_config_service(new TestSSLConfigService( |
9193 new TestSSLConfigService(true /* check for EV */, | 9259 true /* check for EV */, false /* online revocation checking */, |
9194 false /* online revocation checking */, | 9260 false /* require rev. checking for local |
9195 false /* require rev. checking for local | 9261 anchors */, |
9196 anchors */)); | 9262 false /* token binding enabled */)); |
9197 } | 9263 } |
9198 }; | 9264 }; |
9199 | 9265 |
9200 TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndInvalidOCSP) { | 9266 TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndInvalidOCSP) { |
9201 if (!SystemSupportsOCSP()) { | 9267 if (!SystemSupportsOCSP()) { |
9202 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; | 9268 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; |
9203 return; | 9269 return; |
9204 } | 9270 } |
9205 | 9271 |
9206 SpawnedTestServer::SSLOptions ssl_options( | 9272 SpawnedTestServer::SSLOptions ssl_options( |
(...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
9367 | 9433 |
9368 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); | 9434 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); |
9369 | 9435 |
9370 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); | 9436 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); |
9371 EXPECT_FALSE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); | 9437 EXPECT_FALSE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); |
9372 } | 9438 } |
9373 | 9439 |
9374 class HTTPSCRLSetTest : public HTTPSOCSPTest { | 9440 class HTTPSCRLSetTest : public HTTPSOCSPTest { |
9375 protected: | 9441 protected: |
9376 void SetupContext(URLRequestContext* context) override { | 9442 void SetupContext(URLRequestContext* context) override { |
9377 context->set_ssl_config_service( | 9443 context->set_ssl_config_service(new TestSSLConfigService( |
9378 new TestSSLConfigService(false /* check for EV */, | 9444 false /* check for EV */, false /* online revocation checking */, |
9379 false /* online revocation checking */, | 9445 false /* require rev. checking for local |
9380 false /* require rev. checking for local | 9446 anchors */, |
9381 anchors */)); | 9447 false /* token binding enabled */)); |
9382 } | 9448 } |
9383 }; | 9449 }; |
9384 | 9450 |
9385 TEST_F(HTTPSCRLSetTest, ExpiredCRLSet) { | 9451 TEST_F(HTTPSCRLSetTest, ExpiredCRLSet) { |
9386 SpawnedTestServer::SSLOptions ssl_options( | 9452 SpawnedTestServer::SSLOptions ssl_options( |
9387 SpawnedTestServer::SSLOptions::CERT_AUTO); | 9453 SpawnedTestServer::SSLOptions::CERT_AUTO); |
9388 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; | 9454 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; |
9389 SSLConfigService::SetCRLSet( | 9455 SSLConfigService::SetCRLSet( |
9390 scoped_refptr<CRLSet>(CRLSet::ExpiredCRLSetForTesting())); | 9456 scoped_refptr<CRLSet>(CRLSet::ExpiredCRLSetForTesting())); |
9391 | 9457 |
(...skipping 407 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
9799 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 9865 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
9800 | 9866 |
9801 req->Start(); | 9867 req->Start(); |
9802 req->Cancel(); | 9868 req->Cancel(); |
9803 base::RunLoop().RunUntilIdle(); | 9869 base::RunLoop().RunUntilIdle(); |
9804 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); | 9870 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); |
9805 EXPECT_EQ(0, d.received_redirect_count()); | 9871 EXPECT_EQ(0, d.received_redirect_count()); |
9806 } | 9872 } |
9807 | 9873 |
9808 } // namespace net | 9874 } // namespace net |
OLD | NEW |