Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(123)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/http/transport_security_state_unittest.cc

Issue 14125003: Do not roll back to SSL 3.0 for Google properties. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/http/transport_security_state_static.h ('K') | « net/http/transport_security_state_static.json ('k') | net/socket/ssl_client_socket_nss.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/http/transport_security_state_unittest.cc
diff --git a/net/http/transport_security_state_unittest.cc b/net/http/transport_security_state_unittest.cc
index d4fac4560669d321d4f25855b6595b5cfcd1d391..2a1e3c4fc051d8066c56fe637b6cd8a4463522ed 100644
--- a/net/http/transport_security_state_unittest.cc
+++ b/net/http/transport_security_state_unittest.cc
@@ -64,6 +64,42 @@ class TransportSecurityStateTest : public testing::Test {
}
};
+TEST_F(TransportSecurityStateTest, SSLVersionMinPreloaded) {
+ TransportSecurityState state;
+ TransportSecurityState::DomainState domain_state;
+ EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_SSL3);
+
+ // google.com is a preloaded entry.
+ EXPECT_TRUE(state.GetDomainState("google.com", true, &domain_state));
+ // The minimum SSL version that Google accepts is tlsv1.0.
+ EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_TLS1);
+
+ domain_state.ssl_version_min = net::SSL_CONNECTION_VERSION_SSL3;
+ EnableHost(&state, "google.com", domain_state);
+ EXPECT_TRUE(state.GetDomainState("google.com", true, &domain_state));
+ // Can't change |ssl_version_min| of preloaded entries.
+ EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_TLS1);
+}
+
+TEST_F(TransportSecurityStateTest, SSLVersionMinDynamic) {
+ TransportSecurityState state;
+ TransportSecurityState::DomainState domain_state;
+ // yahoo.com is not a preloaded entry.
+ EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
+
+ const base::Time current_time(base::Time::Now());
+ const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
+ bool include_subdomains = false;
+ state.AddHSTS("yahoo.com", expiry, include_subdomains);
+ EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
+
+ domain_state.ssl_version_min = net::SSL_CONNECTION_VERSION_TLS1;
+ EnableHost(&state, "yahoo.com", domain_state);
+ EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
+ EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_TLS1);
+}
+
+
TEST_F(TransportSecurityStateTest, SimpleMatches) {
TransportSecurityState state;
TransportSecurityState::DomainState domain_state;
« net/http/transport_security_state_static.h ('K') | « net/http/transport_security_state_static.json ('k') | net/socket/ssl_client_socket_nss.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698