Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(76)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/transport_security_state_unittest.cc

Issue 14125003: Do not roll back to SSL 3.0 for Google properties. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/http/transport_security_state_static.h ('K') | « net/http/transport_security_state_static.json ('k') | net/socket/ssl_client_socket_nss.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/transport_security_state.h" 5 #include "net/http/transport_security_state.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
57 return state->GetStaticDomainState(host, sni_enabled, result); 57 return state->GetStaticDomainState(host, sni_enabled, result);
58 } 58 }
59 59
60 void EnableHost(TransportSecurityState* state, 60 void EnableHost(TransportSecurityState* state,
61 const std::string& host, 61 const std::string& host,
62 const TransportSecurityState::DomainState& domain_state) { 62 const TransportSecurityState::DomainState& domain_state) {
63 return state->EnableHost(host, domain_state); 63 return state->EnableHost(host, domain_state);
64 } 64 }
65 }; 65 };
66 66
67 TEST_F(TransportSecurityStateTest, SSLVersionMinPreloaded) {
68 TransportSecurityState state;
69 TransportSecurityState::DomainState domain_state;
70 EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_SSL3);
71
72 // google.com is a preloaded entry.
73 EXPECT_TRUE(state.GetDomainState("google.com", true, &domain_state));
74 // The minimum SSL version that Google accepts is tlsv1.0.
75 EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_TLS1);
76
77 domain_state.ssl_version_min = net::SSL_CONNECTION_VERSION_SSL3;
78 EnableHost(&state, "google.com", domain_state);
79 EXPECT_TRUE(state.GetDomainState("google.com", true, &domain_state));
80 // Can't change |ssl_version_min| of preloaded entries.
81 EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_TLS1);
82 }
83
84 TEST_F(TransportSecurityStateTest, SSLVersionMinDynamic) {
85 TransportSecurityState state;
86 TransportSecurityState::DomainState domain_state;
87 // yahoo.com is not a preloaded entry.
88 EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
89
90 const base::Time current_time(base::Time::Now());
91 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
92 bool include_subdomains = false;
93 state.AddHSTS("yahoo.com", expiry, include_subdomains);
94 EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
95
96 domain_state.ssl_version_min = net::SSL_CONNECTION_VERSION_TLS1;
97 EnableHost(&state, "yahoo.com", domain_state);
98 EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
99 EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_TLS1);
100 }
101
102
67 TEST_F(TransportSecurityStateTest, SimpleMatches) { 103 TEST_F(TransportSecurityStateTest, SimpleMatches) {
68 TransportSecurityState state; 104 TransportSecurityState state;
69 TransportSecurityState::DomainState domain_state; 105 TransportSecurityState::DomainState domain_state;
70 const base::Time current_time(base::Time::Now()); 106 const base::Time current_time(base::Time::Now());
71 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 107 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
72 108
73 EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state)); 109 EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
74 bool include_subdomains = false; 110 bool include_subdomains = false;
75 state.AddHSTS("yahoo.com", expiry, include_subdomains); 111 state.AddHSTS("yahoo.com", expiry, include_subdomains);
76 EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state)); 112 EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
(...skipping 759 matching lines...) Expand 10 before | Expand all | Expand 10 after
836 // Expect to fail for SNI hosts when not searching the SNI list: 872 // Expect to fail for SNI hosts when not searching the SNI list:
837 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 873 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
838 "gmail.com", false)); 874 "gmail.com", false));
839 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 875 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
840 "googlegroups.com", false)); 876 "googlegroups.com", false));
841 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 877 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
842 "www.googlegroups.com", false)); 878 "www.googlegroups.com", false));
843 } 879 }
844 880
845 } // namespace net 881 } // namespace net
OLDNEW
« net/http/transport_security_state_static.h ('K') | « net/http/transport_security_state_static.json ('k') | net/socket/ssl_client_socket_nss.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698