Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(6061)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/net/transport_security_persister_unittest.cc

Issue 14125003: Do not roll back to SSL 3.0 for Google properties. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/net/transport_security_persister.cc ('K') | « chrome/browser/net/transport_security_persister.cc ('k') | net/http/http_network_transaction.cc » ('j') | net/http/transport_security_state.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/net/transport_security_persister_unittest.cc
diff --git a/chrome/browser/net/transport_security_persister_unittest.cc b/chrome/browser/net/transport_security_persister_unittest.cc
index 4177bc80e7632d7e47a990726d43ea602958a940..3c71101d5128beae57342dcdaf9228d0b4a872f4 100644
--- a/chrome/browser/net/transport_security_persister_unittest.cc
+++ b/chrome/browser/net/transport_security_persister_unittest.cc
@@ -91,6 +91,8 @@ TEST_F(TransportSecurityPersisterTest, SerializeData2) {
EXPECT_EQ(domain_state.upgrade_mode,
TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
EXPECT_FALSE(state_.GetDomainState("com", true, &domain_state));
+
+ EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_SSL3);
}
TEST_F(TransportSecurityPersisterTest, SerializeData3) {
@@ -232,3 +234,90 @@ TEST_F(TransportSecurityPersisterTest, ForcePreloads) {
EXPECT_FALSE(domain_state.HasPublicKeyPins());
EXPECT_FALSE(domain_state.ShouldUpgradeToSSL());
}
+
+TEST_F(TransportSecurityPersisterTest, SSLVersionMin1) {
+ std::string preload("{"
+ "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {"
+ "\"created\": 0.0,"
+ "\"expiry\": 2000000000.0,"
+ "\"include_subdomains\": false,"
+ "\"mode\": \"pinning-only\""
+ "}}");
+
+ EXPECT_TRUE(persister_->DeserializeFromCommandLine(preload));
+
+ TransportSecurityState::DomainState domain_state;
+ EXPECT_TRUE(state_.GetDomainState("docs.google.com", true, &domain_state));
+ EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_SSL3);
+}
+
+
+TEST_F(TransportSecurityPersisterTest, SSLVersionMin2) {
+ std::string preload("{"
+ "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {"
+ "\"created\": 0.0,"
+ "\"expiry\": 2000000000.0,"
+ "\"include_subdomains\": false,"
+ "\"mode\": \"pinning-only\","
+ "\"ssl_version_min\": \"sslv3.0\""
+ "}}");
+
+ EXPECT_TRUE(persister_->DeserializeFromCommandLine(preload));
+
+ TransportSecurityState::DomainState domain_state;
+ EXPECT_TRUE(state_.GetDomainState("docs.google.com", true, &domain_state));
+ EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_SSL3);
+}
+
+TEST_F(TransportSecurityPersisterTest, SSLVersionMin3) {
+ std::string preload("{"
+ "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {"
+ "\"created\": 0.0,"
+ "\"expiry\": 2000000000.0,"
+ "\"include_subdomains\": false,"
+ "\"mode\": \"pinning-only\","
+ "\"ssl_version_min\": \"tlsv1.0\""
+ "}}");
+
+ EXPECT_TRUE(persister_->DeserializeFromCommandLine(preload));
+
+ TransportSecurityState::DomainState domain_state;
+ EXPECT_TRUE(state_.GetDomainState("docs.google.com", true, &domain_state));
+ EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_TLS1);
+}
+
+TEST_F(TransportSecurityPersisterTest, SSLVersionMin4) {
+ std::string preload("{"
+ "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {"
+ "\"created\": 0.0,"
+ "\"expiry\": 2000000000.0,"
+ "\"include_subdomains\": false,"
+ "\"mode\": \"pinning-only\","
+ "\"ssl_version_min\": \"tlsv1.1\""
+ "}}");
+
+ EXPECT_TRUE(persister_->DeserializeFromCommandLine(preload));
+
+ TransportSecurityState::DomainState domain_state;
+ EXPECT_TRUE(state_.GetDomainState("docs.google.com", true, &domain_state));
+ EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_TLS1_1);
+}
+
+
+TEST_F(TransportSecurityPersisterTest, SSLVersionMin5) {
+ std::string preload("{"
+ "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {"
+ "\"created\": 0.0,"
+ "\"expiry\": 2000000000.0,"
+ "\"include_subdomains\": false,"
+ "\"mode\": \"pinning-only\","
+ "\"ssl_version_min\": \"tlsv1.2\""
+ "}}");
+
+ EXPECT_TRUE(persister_->DeserializeFromCommandLine(preload));
+
+ TransportSecurityState::DomainState domain_state;
+ EXPECT_TRUE(state_.GetDomainState("docs.google.com", true, &domain_state));
+ EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_TLS1_2);
+}
+
« chrome/browser/net/transport_security_persister.cc ('K') | « chrome/browser/net/transport_security_persister.cc ('k') | net/http/http_network_transaction.cc » ('j') | net/http/transport_security_state.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698