| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <string> | 5 #include <string> |
| 6 #include <vector> | 6 #include <vector> |
| 7 | 7 |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "net/base/net_util.h" | 10 #include "net/base/net_util.h" |
| (...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 108 | 108 |
| 109 MockClientSocketFactory mock_socket_factory_; | 109 MockClientSocketFactory mock_socket_factory_; |
| 110 MockHostResolver mock_resolver_; | 110 MockHostResolver mock_resolver_; |
| 111 HttpServerPropertiesImpl http_server_properties_; | 111 HttpServerPropertiesImpl http_server_properties_; |
| 112 TransportSecurityState transport_security_state_; | 112 TransportSecurityState transport_security_state_; |
| 113 HttpNetworkSession::Params session_params_; | 113 HttpNetworkSession::Params session_params_; |
| 114 std::vector<scoped_ptr<HttpRequestInfo>> request_info_vector_; | 114 std::vector<scoped_ptr<HttpRequestInfo>> request_info_vector_; |
| 115 }; | 115 }; |
| 116 | 116 |
| 117 // Tests that HttpNetworkTransaction attempts to fallback from | 117 // Tests that HttpNetworkTransaction attempts to fallback from |
| 118 // TLS 1.2 to TLS 1.1, then from TLS 1.1 to TLS 1.0. | 118 // TLS 1.2 to TLS 1.1. |
| 119 TEST_F(HttpNetworkTransactionSSLTest, SSLFallback) { | 119 TEST_F(HttpNetworkTransactionSSLTest, SSLFallback) { |
| 120 ssl_config_service_ = new TLS12SSLConfigService; | 120 ssl_config_service_ = new TLS12SSLConfigService; |
| 121 session_params_.ssl_config_service = ssl_config_service_.get(); | 121 session_params_.ssl_config_service = ssl_config_service_.get(); |
| 122 // |ssl_data1| is for the first handshake (TLS 1.2), which will fail | 122 // |ssl_data1| is for the first handshake (TLS 1.2), which will fail |
| 123 // for protocol reasons (e.g., simulating a version rollback attack). | 123 // for protocol reasons (e.g., simulating a version rollback attack). |
| 124 SSLSocketDataProvider ssl_data1(ASYNC, ERR_SSL_PROTOCOL_ERROR); | 124 SSLSocketDataProvider ssl_data1(ASYNC, ERR_SSL_PROTOCOL_ERROR); |
| 125 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data1); | 125 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data1); |
| 126 StaticSocketDataProvider data1(NULL, 0, NULL, 0); | 126 StaticSocketDataProvider data1(NULL, 0, NULL, 0); |
| 127 mock_socket_factory_.AddSocketDataProvider(&data1); | 127 mock_socket_factory_.AddSocketDataProvider(&data1); |
| 128 | 128 |
| 129 // |ssl_data2| contains the handshake result for a TLS 1.1 | 129 // |ssl_data2| contains the handshake result for a TLS 1.1 |
| 130 // handshake which will be attempted after the TLS 1.2 | 130 // handshake which will be attempted after the TLS 1.2 |
| 131 // handshake fails. | 131 // handshake fails. |
| 132 SSLSocketDataProvider ssl_data2(ASYNC, ERR_SSL_PROTOCOL_ERROR); | 132 SSLSocketDataProvider ssl_data2(ASYNC, ERR_SSL_PROTOCOL_ERROR); |
| 133 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data2); | 133 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data2); |
| 134 StaticSocketDataProvider data2(NULL, 0, NULL, 0); | 134 StaticSocketDataProvider data2(NULL, 0, NULL, 0); |
| 135 mock_socket_factory_.AddSocketDataProvider(&data2); | 135 mock_socket_factory_.AddSocketDataProvider(&data2); |
| 136 | 136 |
| 137 // |ssl_data3| contains the handshake result for a TLS 1.0 | |
| 138 // handshake which will be attempted after the TLS 1.1 | |
| 139 // handshake fails. | |
| 140 SSLSocketDataProvider ssl_data3(ASYNC, ERR_SSL_PROTOCOL_ERROR); | |
| 141 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data3); | |
| 142 StaticSocketDataProvider data3(NULL, 0, NULL, 0); | |
| 143 mock_socket_factory_.AddSocketDataProvider(&data3); | |
| 144 | |
| 145 HttpNetworkSession session(session_params_); | 137 HttpNetworkSession session(session_params_); |
| 146 HttpNetworkTransaction trans(DEFAULT_PRIORITY, &session); | 138 HttpNetworkTransaction trans(DEFAULT_PRIORITY, &session); |
| 147 | 139 |
| 148 TestCompletionCallback callback; | 140 TestCompletionCallback callback; |
| 149 // This will consume |ssl_data1|, |ssl_data2| and |ssl_data3|. | 141 // This will consume |ssl_data1| and |ssl_data2|. |
| 150 int rv = | 142 int rv = |
| 151 callback.GetResult(trans.Start(GetRequestInfo("https://www.paypal.com/"), | 143 callback.GetResult(trans.Start(GetRequestInfo("https://www.paypal.com/"), |
| 152 callback.callback(), BoundNetLog())); | 144 callback.callback(), BoundNetLog())); |
| 153 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | 145 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); |
| 154 | 146 |
| 155 SocketDataProviderArray<SocketDataProvider>& mock_data = | 147 SocketDataProviderArray<SocketDataProvider>& mock_data = |
| 156 mock_socket_factory_.mock_data(); | 148 mock_socket_factory_.mock_data(); |
| 157 // Confirms that |ssl_data1|, |ssl_data2| and |ssl_data3| are consumed. | 149 // Confirms that |ssl_data1| and |ssl_data2| are consumed. |
| 158 EXPECT_EQ(3u, mock_data.next_index()); | 150 EXPECT_EQ(2u, mock_data.next_index()); |
| 159 | 151 |
| 160 SSLConfig& ssl_config = GetServerSSLConfig(&trans); | 152 SSLConfig& ssl_config = GetServerSSLConfig(&trans); |
| 161 // |version_max| fallbacks to TLS 1.0. | 153 // |version_max| falls back to TLS 1.1. |
| 162 EXPECT_EQ(SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_max); | 154 EXPECT_EQ(SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_max); |
| 163 EXPECT_TRUE(ssl_config.version_fallback); | 155 EXPECT_TRUE(ssl_config.version_fallback); |
| 164 } | 156 } |
| 165 | 157 |
| 166 #if !defined(OS_IOS) | 158 #if !defined(OS_IOS) |
| 167 TEST_F(HttpNetworkTransactionSSLTest, TokenBinding) { | 159 TEST_F(HttpNetworkTransactionSSLTest, TokenBinding) { |
| 168 ssl_config_service_ = new TokenBindingSSLConfigService; | 160 ssl_config_service_ = new TokenBindingSSLConfigService; |
| 169 session_params_.ssl_config_service = ssl_config_service_.get(); | 161 session_params_.ssl_config_service = ssl_config_service_.get(); |
| 170 ChannelIDService channel_id_service(new DefaultChannelIDStore(NULL), | 162 ChannelIDService channel_id_service(new DefaultChannelIDStore(NULL), |
| 171 base::ThreadTaskRunnerHandle::Get()); | 163 base::ThreadTaskRunnerHandle::Get()); |
| 172 session_params_.channel_id_service = &channel_id_service; | 164 session_params_.channel_id_service = &channel_id_service; |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 210 ASSERT_TRUE(trans.GetFullRequestHeaders(&headers2)); | 202 ASSERT_TRUE(trans.GetFullRequestHeaders(&headers2)); |
| 211 std::string token_binding_header2; | 203 std::string token_binding_header2; |
| 212 EXPECT_TRUE(headers2.GetHeader(HttpRequestHeaders::kTokenBinding, | 204 EXPECT_TRUE(headers2.GetHeader(HttpRequestHeaders::kTokenBinding, |
| 213 &token_binding_header2)); | 205 &token_binding_header2)); |
| 214 | 206 |
| 215 EXPECT_EQ(token_binding_header1, token_binding_header2); | 207 EXPECT_EQ(token_binding_header1, token_binding_header2); |
| 216 } | 208 } |
| 217 #endif // !defined(OS_IOS) | 209 #endif // !defined(OS_IOS) |
| 218 | 210 |
| 219 } // namespace net | 211 } // namespace net |
| 220 | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1682623002:
Disable the TLS version fallback. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master