
Side by Side Diff: chrome/browser/net/ssl_config_service_manager_pref_unittest.cc

Issue 14125003: Do not roll back to SSL 3.0 for Google properties. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix a bug that prevents TLS 1.1 -> TLS 1.0 fallback. Created 7 years, 8 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/net/ssl_config_service_manager.h" 5 #include "chrome/browser/net/ssl_config_service_manager.h"
6 6
7 #include "base/command_line.h" 7 #include "base/command_line.h"
8 #include "base/memory/ref_counted.h" 8 #include "base/memory/ref_counted.h"
9 #include "base/message_loop.h" 9 #include "base/message_loop.h"
10 #include "base/prefs/pref_registry_simple.h" 10 #include "base/prefs/pref_registry_simple.h"
(...skipping 202 matching lines...)
213 213
214 SSLConfig config; 214 SSLConfig config;
215 config_service->GetSSLConfig(&config); 215 config_service->GetSSLConfig(&config);
216 216
217 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites); 217 EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
218 ASSERT_EQ(2u, config.disabled_cipher_suites.size()); 218 ASSERT_EQ(2u, config.disabled_cipher_suites.size());
219 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]); 219 EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
220 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); 220 EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
221 } 221 }
222 222
223 // Test that without command-line settings for minimum and maximum SSL 223 // Test that without command-line settings:
224 // versions, SSL 3.0 ~ default_version_max() are enabled. 224 // * for minimum and maximum SSL versions, SSL 3.0 ~ default_version_max() are
225 // enabled;
226 // * |ssl3_fallback_enabled| is false.
wtc 2013/04/18 18:15:34 I suggest rewording this comment as follows (pleas
thaidn_google 2013/04/19 01:20:43 Done.
225 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { 227 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
226 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); 228 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
227 229
228 PrefServiceMockBuilder builder; 230 PrefServiceMockBuilder builder;
229 builder.WithUserPrefs(local_state_store.get()); 231 builder.WithUserPrefs(local_state_store.get());
230 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; 232 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
231 scoped_ptr<PrefService> local_state(builder.Create(registry)); 233 scoped_ptr<PrefService> local_state(builder.Create(registry));
232 234
233 SSLConfigServiceManager::RegisterPrefs(registry); 235 SSLConfigServiceManager::RegisterPrefs(registry);
234 236
235 scoped_ptr<SSLConfigServiceManager> config_manager( 237 scoped_ptr<SSLConfigServiceManager> config_manager(
236 SSLConfigServiceManager::CreateDefaultManager(local_state.get(), NULL)); 238 SSLConfigServiceManager::CreateDefaultManager(local_state.get(), NULL));
237 ASSERT_TRUE(config_manager.get()); 239 ASSERT_TRUE(config_manager.get());
238 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 240 scoped_refptr<SSLConfigService> config_service(config_manager->Get());
239 ASSERT_TRUE(config_service.get()); 241 ASSERT_TRUE(config_service.get());
240 242
241 SSLConfig ssl_config; 243 SSLConfig ssl_config;
242 config_service->GetSSLConfig(&ssl_config); 244 config_service->GetSSLConfig(&ssl_config);
243 // The default value in the absence of command-line options is that 245 // The default value in the absence of command-line options is that
244 // SSL 3.0 ~ default_version_max() are enabled. 246 // SSL 3.0 ~ default_version_max() are enabled.
245 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min); 247 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min);
246 EXPECT_EQ(net::SSLConfigService::default_version_max(), 248 EXPECT_EQ(net::SSLConfigService::default_version_max(),
247 ssl_config.version_max); 249 ssl_config.version_max);
250 EXPECT_FALSE(ssl_config.ssl3_fallback_enabled);
248 251
249 // The settings should not be added to the local_state. 252 // The settings should not be added to the local_state.
250 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin)); 253 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin));
251 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax)); 254 EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax));
255 EXPECT_FALSE(local_state->HasPrefPath(
256 prefs::kEnableSSL3Fallback));
wtc 2013/04/18 18:15:34 This should now fit on one line.
thaidn_google 2013/04/19 01:20:43 After the rename, it can't be on one line. On 201
252 257
253 // Explicitly double-check the settings are not in the preference store. 258 // Explicitly double-check the settings are not in the preference store.
254 std::string version_min_str; 259 std::string version_min_str;
255 std::string version_max_str; 260 std::string version_max_str;
256 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, 261 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
257 &version_min_str)); 262 &version_min_str));
258 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, 263 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
259 &version_max_str)); 264 &version_max_str));
265 bool ssl3_fallback_enabled;
266 EXPECT_FALSE(local_state_store->GetBoolean(
267 prefs::kEnableSSL3Fallback,
268 &ssl3_fallback_enabled));
wtc 2013/04/18 18:15:34 This call should fit in two lines now.
thaidn_google 2013/04/19 01:20:43 After the rename, it can't be on two lines. On 20
260 } 269 }
261 270
262 // Test that command-line settings for minimum and maximum SSL versions are 271 // Test that command-line settings for minimum and maximum SSL versions are
263 // respected and that they do not persist to the preferences files. 272 // respected and that they do not persist to the preferences files.
264 TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) { 273 TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) {
265 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); 274 scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
266 275
267 CommandLine command_line(CommandLine::NO_PROGRAM); 276 CommandLine command_line(CommandLine::NO_PROGRAM);
268 command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1"); 277 command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1");
269 command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3"); 278 command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3");
279 command_line.AppendSwitch(switches::kEnableSSL3Fallback);
270 280
271 PrefServiceMockBuilder builder; 281 PrefServiceMockBuilder builder;
272 builder.WithUserPrefs(local_state_store.get()); 282 builder.WithUserPrefs(local_state_store.get());
273 builder.WithCommandLine(&command_line); 283 builder.WithCommandLine(&command_line);
274 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple; 284 scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
275 scoped_ptr<PrefService> local_state(builder.Create(registry)); 285 scoped_ptr<PrefService> local_state(builder.Create(registry));
276 286
277 SSLConfigServiceManager::RegisterPrefs(registry); 287 SSLConfigServiceManager::RegisterPrefs(registry);
278 288
279 scoped_ptr<SSLConfigServiceManager> config_manager( 289 scoped_ptr<SSLConfigServiceManager> config_manager(
280 SSLConfigServiceManager::CreateDefaultManager(local_state.get(), NULL)); 290 SSLConfigServiceManager::CreateDefaultManager(local_state.get(), NULL));
281 ASSERT_TRUE(config_manager.get()); 291 ASSERT_TRUE(config_manager.get());
282 scoped_refptr<SSLConfigService> config_service(config_manager->Get()); 292 scoped_refptr<SSLConfigService> config_service(config_manager->Get());
283 ASSERT_TRUE(config_service.get()); 293 ASSERT_TRUE(config_service.get());
284 294
285 SSLConfig ssl_config; 295 SSLConfig ssl_config;
286 config_service->GetSSLConfig(&ssl_config); 296 config_service->GetSSLConfig(&ssl_config);
287 // Command-line flags should be respected. 297 // Command-line flags should be respected.
288 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); 298 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
289 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max); 299 EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max);
300 EXPECT_TRUE(ssl_config.ssl3_fallback_enabled);
290 301
291 // Explicitly double-check the settings are not in the preference store. 302 // Explicitly double-check the settings are not in the preference store.
292 const PrefService::Preference* version_min_pref = 303 const PrefService::Preference* version_min_pref =
293 local_state->FindPreference(prefs::kSSLVersionMin); 304 local_state->FindPreference(prefs::kSSLVersionMin);
294 EXPECT_FALSE(version_min_pref->IsUserModifiable()); 305 EXPECT_FALSE(version_min_pref->IsUserModifiable());
295 306
296 const PrefService::Preference* version_max_pref = 307 const PrefService::Preference* version_max_pref =
297 local_state->FindPreference(prefs::kSSLVersionMax); 308 local_state->FindPreference(prefs::kSSLVersionMax);
298 EXPECT_FALSE(version_max_pref->IsUserModifiable()); 309 EXPECT_FALSE(version_max_pref->IsUserModifiable());
299 310
311 const PrefService::Preference* ssl3_version_fallback_pref =
wtc 2013/04/18 18:15:34 ssl3_version_fallback_pref => ssl3_fallback_pref
thaidn_google 2013/04/19 01:20:43 Done.
312 local_state->FindPreference(prefs::kEnableSSL3Fallback);
313 EXPECT_FALSE(ssl3_version_fallback_pref->IsUserModifiable());
314
300 std::string version_min_str; 315 std::string version_min_str;
301 std::string version_max_str; 316 std::string version_max_str;
302 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, 317 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
303 &version_min_str)); 318 &version_min_str));
304 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, 319 EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
305 &version_max_str)); 320 &version_max_str));
321 bool ssl3_fallback_enabled;
322 EXPECT_FALSE(local_state_store->GetBoolean(
323 prefs::kEnableSSL3Fallback,
324 &ssl3_fallback_enabled));
wtc 2013/04/18 18:15:34 This should fit in two lines now.
thaidn_google 2013/04/19 01:20:43 After the rename, it can't be on two lines. On 20
306 } 325 }
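Review bot: In CommandLinePrefs (new lines 311-313), `ssl3_version_fallback_pref` is dereferenced without checking that `FindPreference(prefs::kEnableSSL3Fallback)` returned a non-null pointer. If the pref is ever left unregistered, the test would crash rather than report a failure on the setting that gates the SSL 3.0 downgrade path. Add `ASSERT_TRUE(ssl3_version_fallback_pref);` before the `IsUserModifiable()` call; the existing `version_min_pref` and `version_max_pref` checks follow the same pattern and would benefit from the same guard. Separately, `bool ssl3_fallback_enabled;` is passed to `GetBoolean` uninitialized in both tests (new lines 265 and 321), so `bool ssl3_fallback_enabled = false;` would keep the value defined if the lookup ever starts succeeding.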