Chromium Code Reviews Chromium Code Reviews
Issue 14125003:
Do not roll back to SSL 3.0 for Google properties. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/net/ssl_config_service_manager.h" | 5 #include "chrome/browser/net/ssl_config_service_manager.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "base/message_loop.h" | 9 #include "base/message_loop.h" |
| 10 #include "base/prefs/pref_registry_simple.h" | 10 #include "base/prefs/pref_registry_simple.h" |
| (...skipping 202 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 213 | 213 |
| 214 SSLConfig config; | 214 SSLConfig config; |
| 215 config_service->GetSSLConfig(&config); | 215 config_service->GetSSLConfig(&config); |
| 216 | 216 |
| 217 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); | 217 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); |
| 218 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); | 218 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); |
| 219 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); | 219 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); |
| 220 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); | 220 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); |
| 221 } | 221 } |
| 222 | 222 |
| 223 // Test that without command-line settings for minimum and maximum SSL | 223 // Test that without command-line settings: |
| 224 // versions, SSL 3.0 ~ default_version_max() are enabled. | 224 // * for minimum and maximum SSL versions, SSL 3.0 ~ default_version_max() are |
| 225 // enabled; | |
| 226 // * |ssl3_version_fallback_enabled| is false; | |
|
wtc
2013/04/17 23:22:05
Nit: this is the last bullet item, so it can end w
| |
| 225 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { | 227 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { |
| 226 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); | 228 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); |
| 227 | 229 |
| 228 PrefServiceMockBuilder builder; | 230 PrefServiceMockBuilder builder; |
| 229 builder.WithUserPrefs(local_state_store.get()); | 231 builder.WithUserPrefs(local_state_store.get()); |
| 230 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; | 232 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; |
| 231 scoped_ptr<PrefService> local_state(builder.Create(registry)); | 233 scoped_ptr<PrefService> local_state(builder.Create(registry)); |
| 232 | 234 |
| 233 SSLConfigServiceManager::RegisterPrefs(registry); | 235 SSLConfigServiceManager::RegisterPrefs(registry); |
| 234 | 236 |
| 235 scoped_ptr<SSLConfigServiceManager> config_manager( | 237 scoped_ptr<SSLConfigServiceManager> config_manager( |
| 236 SSLConfigServiceManager::CreateDefaultManager(local_state.get(), NULL)); | 238 SSLConfigServiceManager::CreateDefaultManager(local_state.get(), NULL)); |
| 237 ASSERT_TRUE(config_manager.get()); | 239 ASSERT_TRUE(config_manager.get()); |
| 238 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 240 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
| 239 ASSERT_TRUE(config_service.get()); | 241 ASSERT_TRUE(config_service.get()); |
| 240 | 242 |
| 241 SSLConfig ssl_config; | 243 SSLConfig ssl_config; |
| 242 config_service->GetSSLConfig(&ssl_config); | 244 config_service->GetSSLConfig(&ssl_config); |
| 243 // The default value in the absence of command-line options is that | 245 // The default value in the absence of command-line options is that |
| 244 // SSL 3.0 ~ default_version_max() are enabled. | 246 // SSL 3.0 ~ default_version_max() are enabled. |
| 245 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min); | 247 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min); |
| 246 EXPECT_EQ(net::SSLConfigService::default_version_max(), | 248 EXPECT_EQ(net::SSLConfigService::default_version_max(), |
| 247 ssl_config.version_max); | 249 ssl_config.version_max); |
| 250 EXPECT_FALSE(ssl_config.ssl3_version_fallback_enabled); | |
| 248 | 251 |
| 249 // The settings should not be added to the local_state. | 252 // The settings should not be added to the local_state. |
| 250 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin)); | 253 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin)); |
| 251 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax)); | 254 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax)); |
| 255 EXPECT_FALSE(local_state->HasPrefPath( | |
| 256 prefs::kEnableSSL3VersionFallback)); | |
| 252 | 257 |
| 253 // Explicitly double-check the settings are not in the preference store. | 258 // Explicitly double-check the settings are not in the preference store. |
| 254 std::string version_min_str; | 259 std::string version_min_str; |
| 255 std::string version_max_str; | 260 std::string version_max_str; |
| 256 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, | 261 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, |
| 257 &version_min_str)); | 262 &version_min_str)); |
| 258 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, | 263 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, |
| 259 &version_max_str)); | 264 &version_max_str)); |
| 265 bool ssl3_version_fallback_enabled; | |
| 266 EXPECT_FALSE(local_state_store->GetBoolean( | |
| 267 prefs::kEnableSSL3VersionFallback, | |
| 268 &ssl3_version_fallback_enabled)); | |
| 260 } | 269 } |
| 261 | 270 |
| 262 // Test that command-line settings for minimum and maximum SSL versions are | 271 // Test that command-line settings for minimum and maximum SSL versions are |
| 263 // respected and that they do not persist to the preferences files. | 272 // respected and that they do not persist to the preferences files. |
| 264 TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) { | 273 TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) { |
| 265 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); | 274 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); |
| 266 | 275 |
| 267 CommandLine command_line(CommandLine::NO_PROGRAM); | 276 CommandLine command_line(CommandLine::NO_PROGRAM); |
| 268 command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1"); | 277 command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1"); |
| 269 command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3"); | 278 command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3"); |
| 279 command_line.AppendSwitch(switches::kEnableSSL3VersionFallback); | |
| 270 | 280 |
| 271 PrefServiceMockBuilder builder; | 281 PrefServiceMockBuilder builder; |
| 272 builder.WithUserPrefs(local_state_store.get()); | 282 builder.WithUserPrefs(local_state_store.get()); |
| 273 builder.WithCommandLine(&command_line); | 283 builder.WithCommandLine(&command_line); |
| 274 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; | 284 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; |
| 275 scoped_ptr<PrefService> local_state(builder.Create(registry)); | 285 scoped_ptr<PrefService> local_state(builder.Create(registry)); |
| 276 | 286 |
| 277 SSLConfigServiceManager::RegisterPrefs(registry); | 287 SSLConfigServiceManager::RegisterPrefs(registry); |
| 278 | 288 |
| 279 scoped_ptr<SSLConfigServiceManager> config_manager( | 289 scoped_ptr<SSLConfigServiceManager> config_manager( |
| 280 SSLConfigServiceManager::CreateDefaultManager(local_state.get(), NULL)); | 290 SSLConfigServiceManager::CreateDefaultManager(local_state.get(), NULL)); |
| 281 ASSERT_TRUE(config_manager.get()); | 291 ASSERT_TRUE(config_manager.get()); |
| 282 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); | 292 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
| 283 ASSERT_TRUE(config_service.get()); | 293 ASSERT_TRUE(config_service.get()); |
| 284 | 294 |
| 285 SSLConfig ssl_config; | 295 SSLConfig ssl_config; |
| 286 config_service->GetSSLConfig(&ssl_config); | 296 config_service->GetSSLConfig(&ssl_config); |
| 287 // Command-line flags should be respected. | 297 // Command-line flags should be respected. |
| 288 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); | 298 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); |
| 289 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max); | 299 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max); |
| 300 EXPECT_TRUE(ssl_config.ssl3_version_fallback_enabled); | |
| 290 | 301 |
| 291 // Explicitly double-check the settings are not in the preference store. | 302 // Explicitly double-check the settings are not in the preference store. |
| 292 const PrefService::Preference* version_min_pref = | 303 const PrefService::Preference* version_min_pref = |
| 293 local_state->FindPreference(prefs::kSSLVersionMin); | 304 local_state->FindPreference(prefs::kSSLVersionMin); |
| 294 EXPECT_FALSE(version_min_pref->IsUserModifiable()); | 305 EXPECT_FALSE(version_min_pref->IsUserModifiable()); |
| 295 | 306 |
| 296 const PrefService::Preference* version_max_pref = | 307 const PrefService::Preference* version_max_pref = |
| 297 local_state->FindPreference(prefs::kSSLVersionMax); | 308 local_state->FindPreference(prefs::kSSLVersionMax); |
| 298 EXPECT_FALSE(version_max_pref->IsUserModifiable()); | 309 EXPECT_FALSE(version_max_pref->IsUserModifiable()); |
| 299 | 310 |
| 311 const PrefService::Preference* ssl3_version_fallback_pref = | |
| 312 local_state->FindPreference(prefs::kEnableSSL3VersionFallback); | |
| 313 EXPECT_FALSE(ssl3_version_fallback_pref->IsUserModifiable()); | |
| 314 | |
| 300 std::string version_min_str; | 315 std::string version_min_str; |
| 301 std::string version_max_str; | 316 std::string version_max_str; |
| 302 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, | 317 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, |
| 303 &version_min_str)); | 318 &version_min_str)); |
| 304 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, | 319 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, |
| 305 &version_max_str)); | 320 &version_max_str)); |
| 321 bool ssl3_version_fallback_enabled; | |
| 322 EXPECT_FALSE(local_state_store->GetBoolean( | |
| 323 prefs::kEnableSSL3VersionFallback, | |
| 324 &ssl3_version_fallback_enabled)); | |
| 306 } | 325 } |
| OLD | NEW |
