Do not roll back to SSL 3.0 for Google properties.

net/http/http_network_transaction_ssl_unittest.cc

Index: net/http/http_network_transaction_ssl_unittest.cc
diff --git a/net/http/http_network_transaction_ssl_unittest.cc b/net/http/http_network_transaction_ssl_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..816dc3908556584ee73b41d461eb471d5169066a
--- /dev/null
+++ b/net/http/http_network_transaction_ssl_unittest.cc
@@ -0,0 +1,144 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <string>
+
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
+#include "net/base/net_util.h"
+#include "net/base/request_priority.h"
+#include "net/dns/mock_host_resolver.h"
+#include "net/http/http_auth_handler_mock.h"
+#include "net/http/http_network_session.h"
+#include "net/http/http_network_transaction.h"
+#include "net/http/http_request_info.h"
+#include "net/http/http_server_properties_impl.h"
+#include "net/http/transport_security_state.h"
+#include "net/proxy/proxy_config_service.h"
+#include "net/proxy/proxy_service.h"
+#include "net/socket/socket_test_util.h"
+#include "net/ssl/ssl_config_service_defaults.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+
+namespace {
+
+class SimpleProxyConfigService : public ProxyConfigService {

[agl, 2013/04/15 15:23:51]

Looks like this is the third copy of this. Probably time to give it it's own
file and header.

[thaidn_google, 2013/04/16 00:38:16]

Done.

+ public:
+  virtual void AddObserver(Observer* observer) OVERRIDE {
+    observer_ = observer;
+  }
+
+  virtual void RemoveObserver(Observer* observer) OVERRIDE {
+    if (observer_ == observer) {
+      observer_ = NULL;
+    }
+  }
+
+  virtual ConfigAvailability GetLatestProxyConfig(
+      ProxyConfig* config) OVERRIDE {
+    *config = config_;
+    return CONFIG_VALID;
+  }
+
+  void IncrementConfigId() {
+    config_.set_id(config_.id() + 1);
+    observer_->OnProxyConfigChanged(config_, ProxyConfigService::CONFIG_VALID);
+  }
+
+ private:
+  ProxyConfig config_;
+  Observer* observer_;
+};
+
+class HttpNetworkTransactionSSLTest : public testing::Test {
+  public:

[agl, 2013/04/15 15:23:51]

indentation of this class is incorrect.

[thaidn_google, 2013/04/16 00:38:16]

Done.

+    virtual void SetUp() {
+      proxy_config_service_ = new SimpleProxyConfigService();
+      proxy_service_.reset(new ProxyService(proxy_config_service_,
+                           NULL, NULL));
+      ssl_config_ = new SSLConfigServiceDefaults;
+      auth_handler_factory_.reset(new HttpAuthHandlerMock::Factory());
+
+      transport_security_state_.reset(new TransportSecurityState());
+
+      HttpNetworkSession::Params session_params;
+      session_params.client_socket_factory = &factory_;
+      session_params.proxy_service = proxy_service_.get();
+      session_params.host_resolver = &mock_resolver_;
+      session_params.ssl_config_service = ssl_config_.get();
+      session_params.http_auth_handler_factory = auth_handler_factory_.get();
+      session_params.http_server_properties = &http_server_properties_;
+      session_params.transport_security_state =
+        transport_security_state_.get();
+      session_ = new HttpNetworkSession(session_params);
+    }
+
+    HttpRequestInfo* GetRequestInfo(std::string url) {
+      HttpRequestInfo* request_info = new HttpRequestInfo;
+      request_info->url = GURL(url);
+      request_info->method = "GET";
+      return request_info;
+    }
+
+    DeterministicMockClientSocketFactory factory_;
+    TestCompletionCallback callback_;
+
+    SimpleProxyConfigService* proxy_config_service_;
+    scoped_ptr<ProxyService> proxy_service_;
+    MockHostResolver mock_resolver_;
+    scoped_refptr<SSLConfigService> ssl_config_;
+    scoped_ptr<HttpAuthHandlerMock::Factory> auth_handler_factory_;
+    HttpServerPropertiesImpl http_server_properties_;
+    scoped_ptr<TransportSecurityState> transport_security_state_;
+    scoped_refptr<HttpNetworkSession> session_;
+};
+
+TEST_F(HttpNetworkTransactionSSLTest, Google_Preloaded) {
+  scoped_ptr<HttpNetworkTransaction> trans(
+        new HttpNetworkTransaction(DEFAULT_PRIORITY, session_.get()));
+  SSLConfig& ssl_config = trans->server_ssl_config();
+  EXPECT_EQ(ssl_config.version_min,
+            SSL_PROTOCOL_VERSION_SSL3);
+  TestCompletionCallback callback;
+  EXPECT_EQ(ERR_IO_PENDING,
+            trans->Start(GetRequestInfo("https://www.google.com/"),
+                         callback.callback(), BoundNetLog()));
+  EXPECT_EQ(ssl_config.version_min,
+            SSL_PROTOCOL_VERSION_TLS1);

[Ryan Sleevi, 2013/04/15 18:03:28]

style: EXPECT_* macros follow the EXPECT_*(expected, actual), but your EXPECT_EQ
for SSL_PROTOCOL_VERSION* are in the form of EXPECT_*(actual, expected).

+}
+
+TEST_F(HttpNetworkTransactionSSLTest, Google_PreloadedDisabled) {
+  scoped_ptr<HttpNetworkTransaction> trans(
+        new HttpNetworkTransaction(DEFAULT_PRIORITY, session_.get()));
+  SSLConfig& ssl_config = trans->server_ssl_config();
+  EXPECT_EQ(ssl_config.version_min,
+            SSL_PROTOCOL_VERSION_SSL3);
+  TestCompletionCallback callback;
+  ssl_config.ssl_version_min_preloaded_disabled = true;
+  EXPECT_EQ(ERR_IO_PENDING,
+            trans->Start(GetRequestInfo("https://www.google.com/"),
+                         callback.callback(), BoundNetLog()));
+  EXPECT_EQ(ssl_config.version_min,
+            SSL_PROTOCOL_VERSION_SSL3);
+}
+
+TEST_F(HttpNetworkTransactionSSLTest, NonGoogle_Preloaded) {
+  scoped_ptr<HttpNetworkTransaction> trans(
+        new HttpNetworkTransaction(DEFAULT_PRIORITY, session_.get()));
+  SSLConfig& ssl_config = trans->server_ssl_config();
+  EXPECT_EQ(ssl_config.version_min,
+            SSL_PROTOCOL_VERSION_SSL3);
+  TestCompletionCallback callback;
+  EXPECT_EQ(ERR_IO_PENDING,
+            trans->Start(GetRequestInfo("https://www.paypal.com/"),
+                         callback.callback(), BoundNetLog()));
+  EXPECT_EQ(ssl_config.version_min,
+            SSL_PROTOCOL_VERSION_SSL3);
+}
+
+}  // namespace
+}  // namespace net
+