| Index: net/quic/crypto/crypto_server_test.cc
|
| diff --git a/net/quic/crypto/crypto_server_test.cc b/net/quic/crypto/crypto_server_test.cc
|
| index 6c991f2313a7a989141f04157ad9971a526c229d..157ba5b44fbfb547abb94c465616eb35b947e45b 100644
|
| --- a/net/quic/crypto/crypto_server_test.cc
|
| +++ b/net/quic/crypto/crypto_server_test.cc
|
| @@ -404,32 +404,37 @@ TEST_P(CryptoServerTest, BadSNI) {
|
| // See http://crbug.com/514472.
|
| TEST_P(CryptoServerTest, DefaultCert) {
|
| // Check that the server replies with a default certificate when no SNI is
|
| - // specified.
|
| + // specified. The CHLO is constructed to generate a REJ with certs, so must
|
| + // not contain a valid STK, and must include PDMD.
|
| // clang-format off
|
| CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| "CHLO",
|
| "AEAD", "AESG",
|
| "KEXS", "C255",
|
| - "SCID", scid_hex_.c_str(),
|
| - "#004b5453", srct_hex_.c_str(),
|
| "PUBS", pub_hex_.c_str(),
|
| "NONC", nonce_hex_.c_str(),
|
| "PDMD", "X509",
|
| - "XLCT", XlctHexString().c_str(),
|
| "VER\0", client_version_string_.c_str(),
|
| "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| nullptr);
|
| // clang-format on
|
|
|
| ShouldSucceed(msg);
|
| - StringPiece cert, proof;
|
| - EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert));
|
| - EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof));
|
| - EXPECT_NE(0u, cert.size());
|
| - EXPECT_NE(0u, proof.size());
|
| - const HandshakeFailureReason kRejectReasons[] = {
|
| - CLIENT_NONCE_INVALID_TIME_FAILURE};
|
| - CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
|
| + if (client_version_ <= QUIC_VERSION_26) {
|
| + // TODO(rtenneti): Enable cert tests for QUIC_VERSION_27 and above.
|
| + StringPiece cert, proof;
|
| + EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert));
|
| + EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof));
|
| + EXPECT_NE(0u, cert.size());
|
| + EXPECT_NE(0u, proof.size());
|
| + const HandshakeFailureReason kRejectReasons[] = {
|
| + CLIENT_NONCE_INVALID_TIME_FAILURE};
|
| + CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
|
| + } else {
|
| + const HandshakeFailureReason kRejectReasons[] = {
|
| + SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
|
| + CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
|
| + }
|
| }
|
|
|
| TEST_P(CryptoServerTest, TooSmall) {
|
| @@ -606,14 +611,23 @@ TEST_P(CryptoServerTest, CorruptMultipleTags) {
|
| // clang-format on
|
| ShouldSucceed(msg);
|
| CheckRejectTag();
|
| - const HandshakeFailureReason kRejectReasons[] = {
|
| - SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE,
|
| - SERVER_NONCE_DECRYPTION_FAILURE,
|
| +
|
| + if (client_version_ <= QUIC_VERSION_26) {
|
| + const HandshakeFailureReason kRejectReasons[] = {
|
| + SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE,
|
| + SERVER_NONCE_DECRYPTION_FAILURE};
|
| + CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
|
| + } else {
|
| + const HandshakeFailureReason kRejectReasons[] = {
|
| + SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE};
|
| + CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
|
| };
|
| - CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
|
| }
|
|
|
| TEST_P(CryptoServerTest, ReplayProtection) {
|
| + if (client_version_ > QUIC_VERSION_26) {
|
| + return;
|
| + }
|
| // This tests that disabling replay protection works.
|
| // clang-format off
|
| CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
|
|
Chromium Code Reviews
Issue 1404053002:
relnote: Disables strike register lookups when talking QUIC_VERSION_27 (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@Remove_unused_supported_versions_103964623