OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
6 | 6 |
7 #include <errno.h> | |
8 #include <string.h> | |
9 | |
7 #include <utility> | 10 #include <utility> |
8 | 11 |
12 #include <openssl/bio.h> | |
13 #include <openssl/evp.h> | |
14 #include <openssl/pem.h> | |
15 | |
9 #include "base/callback_helpers.h" | 16 #include "base/callback_helpers.h" |
10 #include "base/files/file_util.h" | 17 #include "base/files/file_util.h" |
11 #include "base/location.h" | 18 #include "base/location.h" |
12 #include "base/macros.h" | 19 #include "base/macros.h" |
13 #include "base/memory/ref_counted.h" | 20 #include "base/memory/ref_counted.h" |
14 #include "base/run_loop.h" | 21 #include "base/run_loop.h" |
15 #include "base/single_thread_task_runner.h" | 22 #include "base/single_thread_task_runner.h" |
16 #include "base/thread_task_runner_handle.h" | 23 #include "base/thread_task_runner_handle.h" |
17 #include "base/time/time.h" | 24 #include "base/time/time.h" |
25 #include "crypto/scoped_openssl_types.h" | |
18 #include "net/base/address_list.h" | 26 #include "net/base/address_list.h" |
19 #include "net/base/io_buffer.h" | 27 #include "net/base/io_buffer.h" |
20 #include "net/base/net_errors.h" | 28 #include "net/base/net_errors.h" |
21 #include "net/base/test_completion_callback.h" | 29 #include "net/base/test_completion_callback.h" |
22 #include "net/base/test_data_directory.h" | 30 #include "net/base/test_data_directory.h" |
23 #include "net/cert/asn1_util.h" | 31 #include "net/cert/asn1_util.h" |
24 #include "net/cert/ct_policy_enforcer.h" | 32 #include "net/cert/ct_policy_enforcer.h" |
25 #include "net/cert/ct_policy_status.h" | 33 #include "net/cert/ct_policy_status.h" |
26 #include "net/cert/ct_verifier.h" | 34 #include "net/cert/ct_verifier.h" |
27 #include "net/cert/mock_cert_verifier.h" | 35 #include "net/cert/mock_cert_verifier.h" |
(...skipping 10 matching lines...) Expand all Loading... | |
38 #include "net/socket/client_socket_factory.h" | 46 #include "net/socket/client_socket_factory.h" |
39 #include "net/socket/client_socket_handle.h" | 47 #include "net/socket/client_socket_handle.h" |
40 #include "net/socket/socket_test_util.h" | 48 #include "net/socket/socket_test_util.h" |
41 #include "net/socket/tcp_client_socket.h" | 49 #include "net/socket/tcp_client_socket.h" |
42 #include "net/ssl/channel_id_service.h" | 50 #include "net/ssl/channel_id_service.h" |
43 #include "net/ssl/default_channel_id_store.h" | 51 #include "net/ssl/default_channel_id_store.h" |
44 #include "net/ssl/ssl_cert_request_info.h" | 52 #include "net/ssl/ssl_cert_request_info.h" |
45 #include "net/ssl/ssl_config_service.h" | 53 #include "net/ssl/ssl_config_service.h" |
46 #include "net/ssl/ssl_connection_status_flags.h" | 54 #include "net/ssl/ssl_connection_status_flags.h" |
47 #include "net/ssl/ssl_info.h" | 55 #include "net/ssl/ssl_info.h" |
56 #include "net/ssl/test_ssl_private_key.h" | |
48 #include "net/test/cert_test_util.h" | 57 #include "net/test/cert_test_util.h" |
49 #include "net/test/spawned_test_server/spawned_test_server.h" | 58 #include "net/test/spawned_test_server/spawned_test_server.h" |
50 #include "testing/gmock/include/gmock/gmock.h" | 59 #include "testing/gmock/include/gmock/gmock.h" |
51 #include "testing/gtest/include/gtest/gtest.h" | 60 #include "testing/gtest/include/gtest/gtest.h" |
52 #include "testing/platform_test.h" | 61 #include "testing/platform_test.h" |
53 | 62 |
54 #if defined(USE_OPENSSL) | |
55 #include <errno.h> | |
56 #include <openssl/bio.h> | |
57 #include <openssl/evp.h> | |
58 #include <openssl/pem.h> | |
59 #include <string.h> | |
60 | |
61 #include "crypto/scoped_openssl_types.h" | |
62 #include "net/ssl/test_ssl_private_key.h" | |
63 #endif | |
64 | |
65 using testing::_; | 63 using testing::_; |
66 using testing::Return; | 64 using testing::Return; |
67 using testing::Truly; | 65 using testing::Truly; |
68 | 66 |
69 namespace net { | 67 namespace net { |
70 | 68 |
71 namespace { | 69 namespace { |
72 | 70 |
73 // WrappedStreamSocket is a base class that wraps an existing StreamSocket, | 71 // WrappedStreamSocket is a base class that wraps an existing StreamSocket, |
74 // forwarding the Socket and StreamSocket interfaces to the underlying | 72 // forwarding the Socket and StreamSocket interfaces to the underlying |
(...skipping 1420 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1495 // the ERR_IO_PENDING caused by SetReadShouldBlock() and thus return. | 1493 // the ERR_IO_PENDING caused by SetReadShouldBlock() and thus return. |
1496 SSLClientSocket* raw_sock = sock.get(); | 1494 SSLClientSocket* raw_sock = sock.get(); |
1497 DeleteSocketCallback read_callback(sock.release()); | 1495 DeleteSocketCallback read_callback(sock.release()); |
1498 scoped_refptr<IOBuffer> read_buf(new IOBuffer(4096)); | 1496 scoped_refptr<IOBuffer> read_buf(new IOBuffer(4096)); |
1499 rv = raw_sock->Read(read_buf.get(), 4096, read_callback.callback()); | 1497 rv = raw_sock->Read(read_buf.get(), 4096, read_callback.callback()); |
1500 | 1498 |
1501 // Ensure things didn't complete synchronously, otherwise |sock| is invalid. | 1499 // Ensure things didn't complete synchronously, otherwise |sock| is invalid. |
1502 ASSERT_EQ(ERR_IO_PENDING, rv); | 1500 ASSERT_EQ(ERR_IO_PENDING, rv); |
1503 ASSERT_FALSE(read_callback.have_result()); | 1501 ASSERT_FALSE(read_callback.have_result()); |
1504 | 1502 |
1505 #if !defined(USE_OPENSSL) | |
1506 // NSS follows a pattern where a call to PR_Write will only consume as | |
1507 // much data as it can encode into application data records before the | |
1508 // internal memio buffer is full, which should only fill if writing a large | |
1509 // amount of data and the underlying transport is blocked. Once this happens, | |
1510 // NSS will return (total size of all application data records it wrote) - 1, | |
1511 // with the caller expected to resume with the remaining unsent data. | |
1512 // | |
1513 // This causes SSLClientSocketNSS::Write to return that it wrote some data | |
1514 // before it will return ERR_IO_PENDING, so make an extra call to Write() to | |
1515 // get the socket in the state needed for the test below. | |
1516 // | |
1517 // This is not needed for OpenSSL, because for OpenSSL, | |
1518 // SSL_MODE_ENABLE_PARTIAL_WRITE is not specified - thus | |
1519 // SSLClientSocketOpenSSL::Write() will not return until all of | |
1520 // |request_buffer| has been written to the underlying BIO (although not | |
1521 // necessarily the underlying transport). | |
1522 rv = callback.GetResult(raw_sock->Write(request_buffer.get(), | |
1523 request_buffer->BytesRemaining(), | |
1524 callback.callback())); | |
1525 ASSERT_LT(0, rv); | |
1526 request_buffer->DidConsume(rv); | |
1527 | |
1528 // Guard to ensure that |request_buffer| was larger than all of the internal | |
1529 // buffers (transport, memio, NSS) along the way - otherwise the next call | |
1530 // to Write() will crash with an invalid buffer. | |
1531 ASSERT_LT(0, request_buffer->BytesRemaining()); | |
1532 #endif | |
1533 | |
1534 // Attempt to write the remaining data. NSS will not be able to consume the | 1503 // Attempt to write the remaining data. NSS will not be able to consume the |
1535 // application data because the internal buffers are full, while OpenSSL will | 1504 // application data because the internal buffers are full, while OpenSSL will |
1536 // return that its blocked because the underlying transport is blocked. | 1505 // return that its blocked because the underlying transport is blocked. |
1537 rv = raw_sock->Write(request_buffer.get(), | 1506 rv = raw_sock->Write(request_buffer.get(), |
1538 request_buffer->BytesRemaining(), | 1507 request_buffer->BytesRemaining(), |
1539 callback.callback()); | 1508 callback.callback()); |
1540 ASSERT_EQ(ERR_IO_PENDING, rv); | 1509 ASSERT_EQ(ERR_IO_PENDING, rv); |
1541 ASSERT_FALSE(callback.have_result()); | 1510 ASSERT_FALSE(callback.have_result()); |
1542 | 1511 |
1543 // Now unblock Write(), which will invoke OnSendComplete and (eventually) | 1512 // Now unblock Write(), which will invoke OnSendComplete and (eventually) |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1633 ASSERT_LT(0, long_request_buffer->BytesRemaining()); | 1602 ASSERT_LT(0, long_request_buffer->BytesRemaining()); |
1634 } | 1603 } |
1635 } while (rv > 0); | 1604 } while (rv > 0); |
1636 | 1605 |
1637 EXPECT_EQ(ERR_CONNECTION_RESET, rv); | 1606 EXPECT_EQ(ERR_CONNECTION_RESET, rv); |
1638 | 1607 |
1639 // Release the read. | 1608 // Release the read. |
1640 raw_transport->UnblockReadResult(); | 1609 raw_transport->UnblockReadResult(); |
1641 rv = read_callback.WaitForResult(); | 1610 rv = read_callback.WaitForResult(); |
1642 | 1611 |
1643 #if defined(USE_OPENSSL) | |
1644 // Should still read bytes despite the write error. | 1612 // Should still read bytes despite the write error. |
1645 EXPECT_LT(0, rv); | 1613 EXPECT_LT(0, rv); |
1646 #else | |
1647 // NSS attempts to flush the write buffer in PR_Read on an SSL socket before | |
1648 // pumping the read state machine, unless configured with SSL_ENABLE_FDX, so | |
1649 // the write error stops future reads. | |
1650 EXPECT_EQ(ERR_CONNECTION_RESET, rv); | |
1651 #endif | |
1652 } | 1614 } |
1653 | 1615 |
1654 // Tests that SSLClientSocket fails the handshake if the underlying | 1616 // Tests that SSLClientSocket fails the handshake if the underlying |
1655 // transport is cleanly closed. | 1617 // transport is cleanly closed. |
1656 TEST_F(SSLClientSocketTest, Connect_WithZeroReturn) { | 1618 TEST_F(SSLClientSocketTest, Connect_WithZeroReturn) { |
1657 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); | 1619 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); |
1658 | 1620 |
1659 TestCompletionCallback callback; | 1621 TestCompletionCallback callback; |
1660 scoped_ptr<StreamSocket> real_transport( | 1622 scoped_ptr<StreamSocket> real_transport( |
1661 new TCPClientSocket(addr(), NULL, NetLog::Source())); | 1623 new TCPClientSocket(addr(), NULL, NetLog::Source())); |
(...skipping 603 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2265 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options); | 2227 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options); |
2266 ASSERT_TRUE(request_info.get()); | 2228 ASSERT_TRUE(request_info.get()); |
2267 ASSERT_EQ(2u, request_info->cert_authorities.size()); | 2229 ASSERT_EQ(2u, request_info->cert_authorities.size()); |
2268 EXPECT_EQ(std::string(reinterpret_cast<const char*>(kThawteDN), kThawteLen), | 2230 EXPECT_EQ(std::string(reinterpret_cast<const char*>(kThawteDN), kThawteLen), |
2269 request_info->cert_authorities[0]); | 2231 request_info->cert_authorities[0]); |
2270 EXPECT_EQ( | 2232 EXPECT_EQ( |
2271 std::string(reinterpret_cast<const char*>(kDiginotarDN), kDiginotarLen), | 2233 std::string(reinterpret_cast<const char*>(kDiginotarDN), kDiginotarLen), |
2272 request_info->cert_authorities[1]); | 2234 request_info->cert_authorities[1]); |
2273 } | 2235 } |
2274 | 2236 |
2275 // cert_key_types is currently only populated on OpenSSL. | 2237 // cert_key_types is currently only populated on OpenSSL. |
davidben
2016/04/18 19:36:45
Nit: Remove this comment.
svaldez
2016/04/18 20:21:39
Done.
| |
2276 #if defined(USE_OPENSSL) | |
2277 TEST_F(SSLClientSocketCertRequestInfoTest, CertKeyTypes) { | 2238 TEST_F(SSLClientSocketCertRequestInfoTest, CertKeyTypes) { |
2278 SpawnedTestServer::SSLOptions ssl_options; | 2239 SpawnedTestServer::SSLOptions ssl_options; |
2279 ssl_options.request_client_certificate = true; | 2240 ssl_options.request_client_certificate = true; |
2280 ssl_options.client_cert_types.push_back(CLIENT_CERT_RSA_SIGN); | 2241 ssl_options.client_cert_types.push_back(CLIENT_CERT_RSA_SIGN); |
2281 ssl_options.client_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN); | 2242 ssl_options.client_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN); |
2282 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options); | 2243 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options); |
2283 ASSERT_TRUE(request_info.get()); | 2244 ASSERT_TRUE(request_info.get()); |
2284 ASSERT_EQ(2u, request_info->cert_key_types.size()); | 2245 ASSERT_EQ(2u, request_info->cert_key_types.size()); |
2285 EXPECT_EQ(CLIENT_CERT_RSA_SIGN, request_info->cert_key_types[0]); | 2246 EXPECT_EQ(CLIENT_CERT_RSA_SIGN, request_info->cert_key_types[0]); |
2286 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, request_info->cert_key_types[1]); | 2247 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, request_info->cert_key_types[1]); |
2287 } | 2248 } |
2288 #endif // defined(USE_OPENSSL) | |
2289 | 2249 |
2290 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabledTLSExtension) { | 2250 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabledTLSExtension) { |
2291 SpawnedTestServer::SSLOptions ssl_options; | 2251 SpawnedTestServer::SSLOptions ssl_options; |
2292 ssl_options.signed_cert_timestamps_tls_ext = "test"; | 2252 ssl_options.signed_cert_timestamps_tls_ext = "test"; |
2293 | 2253 |
2294 ASSERT_TRUE(StartTestServer(ssl_options)); | 2254 ASSERT_TRUE(StartTestServer(ssl_options)); |
2295 | 2255 |
2296 SSLConfig ssl_config; | 2256 SSLConfig ssl_config; |
2297 ssl_config.signed_cert_timestamps_enabled = true; | 2257 ssl_config.signed_cert_timestamps_enabled = true; |
2298 | 2258 |
(...skipping 532 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2831 | 2791 |
2832 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { | 2792 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { |
2833 // False Start requires NPN/ALPN, ECDHE, and an AEAD. | 2793 // False Start requires NPN/ALPN, ECDHE, and an AEAD. |
2834 SpawnedTestServer::SSLOptions server_options; | 2794 SpawnedTestServer::SSLOptions server_options; |
2835 server_options.key_exchanges = | 2795 server_options.key_exchanges = |
2836 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2796 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
2837 server_options.bulk_ciphers = | 2797 server_options.bulk_ciphers = |
2838 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2798 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
2839 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2799 server_options.npn_protocols.push_back(std::string("http/1.1")); |
2840 SSLConfig client_config; | 2800 SSLConfig client_config; |
2841 #if !defined(USE_OPENSSL) | |
2842 client_config.alpn_protos.push_back(kProtoHTTP11); | |
2843 #endif | |
2844 client_config.npn_protos.push_back(kProtoHTTP11); | 2801 client_config.npn_protos.push_back(kProtoHTTP11); |
2845 ASSERT_NO_FATAL_FAILURE( | 2802 ASSERT_NO_FATAL_FAILURE( |
2846 TestFalseStart(server_options, client_config, true)); | 2803 TestFalseStart(server_options, client_config, true)); |
2847 } | 2804 } |
2848 | 2805 |
2849 // Test that False Start is disabled without NPN. | 2806 // Test that False Start is disabled without NPN. |
2850 TEST_F(SSLClientSocketFalseStartTest, NoNPN) { | 2807 TEST_F(SSLClientSocketFalseStartTest, NoNPN) { |
2851 SpawnedTestServer::SSLOptions server_options; | 2808 SpawnedTestServer::SSLOptions server_options; |
2852 server_options.key_exchanges = | 2809 server_options.key_exchanges = |
2853 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2810 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
2854 server_options.bulk_ciphers = | 2811 server_options.bulk_ciphers = |
2855 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2812 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
2856 SSLConfig client_config; | 2813 SSLConfig client_config; |
2857 client_config.alpn_protos.clear(); | 2814 client_config.alpn_protos.clear(); |
2858 client_config.npn_protos.clear(); | 2815 client_config.npn_protos.clear(); |
2859 ASSERT_NO_FATAL_FAILURE( | 2816 ASSERT_NO_FATAL_FAILURE( |
2860 TestFalseStart(server_options, client_config, false)); | 2817 TestFalseStart(server_options, client_config, false)); |
2861 } | 2818 } |
2862 | 2819 |
2863 // Test that False Start is disabled with plain RSA ciphers. | 2820 // Test that False Start is disabled with plain RSA ciphers. |
2864 TEST_F(SSLClientSocketFalseStartTest, RSA) { | 2821 TEST_F(SSLClientSocketFalseStartTest, RSA) { |
2865 SpawnedTestServer::SSLOptions server_options; | 2822 SpawnedTestServer::SSLOptions server_options; |
2866 server_options.key_exchanges = | 2823 server_options.key_exchanges = |
2867 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; | 2824 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; |
2868 server_options.bulk_ciphers = | 2825 server_options.bulk_ciphers = |
2869 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2826 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
2870 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2827 server_options.npn_protocols.push_back(std::string("http/1.1")); |
2871 SSLConfig client_config; | 2828 SSLConfig client_config; |
2872 #if !defined(USE_OPENSSL) | |
2873 client_config.alpn_protos.push_back(kProtoHTTP11); | |
2874 #endif | |
2875 client_config.npn_protos.push_back(kProtoHTTP11); | 2829 client_config.npn_protos.push_back(kProtoHTTP11); |
2876 ASSERT_NO_FATAL_FAILURE( | 2830 ASSERT_NO_FATAL_FAILURE( |
2877 TestFalseStart(server_options, client_config, false)); | 2831 TestFalseStart(server_options, client_config, false)); |
2878 } | 2832 } |
2879 | 2833 |
2880 // Test that False Start is disabled with DHE_RSA ciphers. | 2834 // Test that False Start is disabled with DHE_RSA ciphers. |
2881 TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) { | 2835 TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) { |
2882 SpawnedTestServer::SSLOptions server_options; | 2836 SpawnedTestServer::SSLOptions server_options; |
2883 server_options.key_exchanges = | 2837 server_options.key_exchanges = |
2884 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2838 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
2885 server_options.bulk_ciphers = | 2839 server_options.bulk_ciphers = |
2886 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2840 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
2887 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2841 server_options.npn_protocols.push_back(std::string("http/1.1")); |
2888 SSLConfig client_config; | 2842 SSLConfig client_config; |
2889 #if !defined(USE_OPENSSL) | |
2890 client_config.alpn_protos.push_back(kProtoHTTP11); | |
2891 #endif | |
2892 client_config.npn_protos.push_back(kProtoHTTP11); | 2843 client_config.npn_protos.push_back(kProtoHTTP11); |
2893 // DHE is only advertised when deprecated ciphers are enabled. | 2844 // DHE is only advertised when deprecated ciphers are enabled. |
2894 client_config.deprecated_cipher_suites_enabled = true; | 2845 client_config.deprecated_cipher_suites_enabled = true; |
2895 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); | 2846 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); |
2896 } | 2847 } |
2897 | 2848 |
2898 // Test that False Start is disabled without an AEAD. | 2849 // Test that False Start is disabled without an AEAD. |
2899 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { | 2850 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { |
2900 SpawnedTestServer::SSLOptions server_options; | 2851 SpawnedTestServer::SSLOptions server_options; |
2901 server_options.key_exchanges = | 2852 server_options.key_exchanges = |
2902 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2853 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
2903 server_options.bulk_ciphers = | 2854 server_options.bulk_ciphers = |
2904 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; | 2855 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; |
2905 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2856 server_options.npn_protocols.push_back(std::string("http/1.1")); |
2906 SSLConfig client_config; | 2857 SSLConfig client_config; |
2907 #if !defined(USE_OPENSSL) | |
2908 client_config.alpn_protos.push_back(kProtoHTTP11); | |
2909 #endif | |
2910 client_config.npn_protos.push_back(kProtoHTTP11); | 2858 client_config.npn_protos.push_back(kProtoHTTP11); |
2911 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); | 2859 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); |
2912 } | 2860 } |
2913 | 2861 |
2914 // Test that sessions are resumable after receiving the server Finished message. | 2862 // Test that sessions are resumable after receiving the server Finished message. |
2915 TEST_F(SSLClientSocketFalseStartTest, SessionResumption) { | 2863 TEST_F(SSLClientSocketFalseStartTest, SessionResumption) { |
2916 // Start a server. | 2864 // Start a server. |
2917 SpawnedTestServer::SSLOptions server_options; | 2865 SpawnedTestServer::SSLOptions server_options; |
2918 server_options.key_exchanges = | 2866 server_options.key_exchanges = |
2919 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2867 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
2920 server_options.bulk_ciphers = | 2868 server_options.bulk_ciphers = |
2921 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2869 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
2922 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2870 server_options.npn_protocols.push_back(std::string("http/1.1")); |
2923 SSLConfig client_config; | 2871 SSLConfig client_config; |
2924 #if !defined(USE_OPENSSL) | |
2925 client_config.alpn_protos.push_back(kProtoHTTP11); | |
2926 #endif | |
2927 client_config.npn_protos.push_back(kProtoHTTP11); | 2872 client_config.npn_protos.push_back(kProtoHTTP11); |
2928 | 2873 |
2929 // Let a full handshake complete with False Start. | 2874 // Let a full handshake complete with False Start. |
2930 ASSERT_NO_FATAL_FAILURE( | 2875 ASSERT_NO_FATAL_FAILURE( |
2931 TestFalseStart(server_options, client_config, true)); | 2876 TestFalseStart(server_options, client_config, true)); |
2932 | 2877 |
2933 // Make a second connection. | 2878 // Make a second connection. |
2934 int rv; | 2879 int rv; |
2935 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | 2880 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
2936 EXPECT_EQ(OK, rv); | 2881 EXPECT_EQ(OK, rv); |
(...skipping 10 matching lines...) Expand all Loading... | |
2947 // Start a server. | 2892 // Start a server. |
2948 SpawnedTestServer::SSLOptions server_options; | 2893 SpawnedTestServer::SSLOptions server_options; |
2949 server_options.key_exchanges = | 2894 server_options.key_exchanges = |
2950 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2895 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
2951 server_options.bulk_ciphers = | 2896 server_options.bulk_ciphers = |
2952 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2897 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
2953 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2898 server_options.npn_protocols.push_back(std::string("http/1.1")); |
2954 ASSERT_TRUE(StartTestServer(server_options)); | 2899 ASSERT_TRUE(StartTestServer(server_options)); |
2955 | 2900 |
2956 SSLConfig client_config; | 2901 SSLConfig client_config; |
2957 #if !defined(USE_OPENSSL) | |
2958 client_config.alpn_protos.push_back(kProtoHTTP11); | |
2959 #endif | |
2960 client_config.npn_protos.push_back(kProtoHTTP11); | 2902 client_config.npn_protos.push_back(kProtoHTTP11); |
2961 | 2903 |
2962 // Start a handshake up to the server Finished message. | 2904 // Start a handshake up to the server Finished message. |
2963 TestCompletionCallback callback; | 2905 TestCompletionCallback callback; |
2964 FakeBlockingStreamSocket* raw_transport1 = NULL; | 2906 FakeBlockingStreamSocket* raw_transport1 = NULL; |
2965 scoped_ptr<SSLClientSocket> sock1; | 2907 scoped_ptr<SSLClientSocket> sock1; |
2966 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived( | 2908 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived( |
2967 client_config, &callback, &raw_transport1, &sock1)); | 2909 client_config, &callback, &raw_transport1, &sock1)); |
2968 // Although raw_transport1 has the server Finished blocked, the handshake | 2910 // Although raw_transport1 has the server Finished blocked, the handshake |
2969 // still completes. | 2911 // still completes. |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3004 // Start a server. | 2946 // Start a server. |
3005 SpawnedTestServer::SSLOptions server_options; | 2947 SpawnedTestServer::SSLOptions server_options; |
3006 server_options.key_exchanges = | 2948 server_options.key_exchanges = |
3007 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2949 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
3008 server_options.bulk_ciphers = | 2950 server_options.bulk_ciphers = |
3009 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2951 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
3010 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2952 server_options.npn_protocols.push_back(std::string("http/1.1")); |
3011 ASSERT_TRUE(StartTestServer(server_options)); | 2953 ASSERT_TRUE(StartTestServer(server_options)); |
3012 | 2954 |
3013 SSLConfig client_config; | 2955 SSLConfig client_config; |
3014 #if !defined(USE_OPENSSL) | |
3015 client_config.alpn_protos.push_back(kProtoHTTP11); | |
3016 #endif | |
3017 client_config.npn_protos.push_back(kProtoHTTP11); | 2956 client_config.npn_protos.push_back(kProtoHTTP11); |
3018 | 2957 |
3019 // Start a handshake up to the server Finished message. | 2958 // Start a handshake up to the server Finished message. |
3020 TestCompletionCallback callback; | 2959 TestCompletionCallback callback; |
3021 FakeBlockingStreamSocket* raw_transport1 = NULL; | 2960 FakeBlockingStreamSocket* raw_transport1 = NULL; |
3022 scoped_ptr<SSLClientSocket> sock1; | 2961 scoped_ptr<SSLClientSocket> sock1; |
3023 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived( | 2962 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived( |
3024 client_config, &callback, &raw_transport1, &sock1)); | 2963 client_config, &callback, &raw_transport1, &sock1)); |
3025 // Although raw_transport1 has the server Finished blocked, the handshake | 2964 // Although raw_transport1 has the server Finished blocked, the handshake |
3026 // still completes. | 2965 // still completes. |
(...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3153 EXPECT_TRUE(ssl_info.channel_id_sent); | 3092 EXPECT_TRUE(ssl_info.channel_id_sent); |
3154 } | 3093 } |
3155 | 3094 |
3156 TEST_F(SSLClientSocketTest, NPN) { | 3095 TEST_F(SSLClientSocketTest, NPN) { |
3157 SpawnedTestServer::SSLOptions server_options; | 3096 SpawnedTestServer::SSLOptions server_options; |
3158 server_options.npn_protocols.push_back(std::string("spdy/3.1")); | 3097 server_options.npn_protocols.push_back(std::string("spdy/3.1")); |
3159 server_options.npn_protocols.push_back(std::string("h2")); | 3098 server_options.npn_protocols.push_back(std::string("h2")); |
3160 ASSERT_TRUE(StartTestServer(server_options)); | 3099 ASSERT_TRUE(StartTestServer(server_options)); |
3161 | 3100 |
3162 SSLConfig client_config; | 3101 SSLConfig client_config; |
3163 #if !defined(USE_OPENSSL) | |
3164 client_config.alpn_protos.push_back(kProtoHTTP2); | |
3165 client_config.alpn_protos.push_back(kProtoHTTP11); | |
3166 #endif | |
3167 client_config.npn_protos.push_back(kProtoHTTP2); | 3102 client_config.npn_protos.push_back(kProtoHTTP2); |
3168 client_config.npn_protos.push_back(kProtoHTTP11); | 3103 client_config.npn_protos.push_back(kProtoHTTP11); |
3169 | 3104 |
3170 int rv; | 3105 int rv; |
3171 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | 3106 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
3172 EXPECT_EQ(OK, rv); | 3107 EXPECT_EQ(OK, rv); |
3173 | 3108 |
3174 std::string proto; | 3109 std::string proto; |
3175 EXPECT_EQ(SSLClientSocket::kNextProtoNegotiated, sock_->GetNextProto(&proto)); | 3110 EXPECT_EQ(SSLClientSocket::kNextProtoNegotiated, sock_->GetNextProto(&proto)); |
3176 EXPECT_EQ("h2", proto); | 3111 EXPECT_EQ("h2", proto); |
3177 } | 3112 } |
3178 | 3113 |
3179 // In case of no overlap between client and server list, SSLClientSocket should | 3114 // In case of no overlap between client and server list, SSLClientSocket should |
3180 // fall back to last one on the client list. | 3115 // fall back to last one on the client list. |
3181 TEST_F(SSLClientSocketTest, NPNNoOverlap) { | 3116 TEST_F(SSLClientSocketTest, NPNNoOverlap) { |
3182 SpawnedTestServer::SSLOptions server_options; | 3117 SpawnedTestServer::SSLOptions server_options; |
3183 server_options.npn_protocols.push_back(std::string("http/1.1")); | 3118 server_options.npn_protocols.push_back(std::string("http/1.1")); |
3184 ASSERT_TRUE(StartTestServer(server_options)); | 3119 ASSERT_TRUE(StartTestServer(server_options)); |
3185 | 3120 |
3186 SSLConfig client_config; | 3121 SSLConfig client_config; |
3187 #if !defined(USE_OPENSSL) | |
3188 client_config.alpn_protos.push_back(kProtoSPDY31); | |
3189 client_config.alpn_protos.push_back(kProtoHTTP2); | |
3190 #endif | |
3191 client_config.npn_protos.push_back(kProtoSPDY31); | 3122 client_config.npn_protos.push_back(kProtoSPDY31); |
3192 client_config.npn_protos.push_back(kProtoHTTP2); | 3123 client_config.npn_protos.push_back(kProtoHTTP2); |
3193 | 3124 |
3194 int rv; | 3125 int rv; |
3195 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | 3126 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
3196 EXPECT_EQ(OK, rv); | 3127 EXPECT_EQ(OK, rv); |
3197 | 3128 |
3198 std::string proto; | 3129 std::string proto; |
3199 EXPECT_EQ(SSLClientSocket::kNextProtoNoOverlap, sock_->GetNextProto(&proto)); | 3130 EXPECT_EQ(SSLClientSocket::kNextProtoNoOverlap, sock_->GetNextProto(&proto)); |
3200 EXPECT_EQ("h2", proto); | 3131 EXPECT_EQ("h2", proto); |
3201 } | 3132 } |
3202 | 3133 |
3203 // Server preference should be respected. The list is in decreasing order of | 3134 // Server preference should be respected. The list is in decreasing order of |
3204 // preference. | 3135 // preference. |
3205 TEST_F(SSLClientSocketTest, NPNServerPreference) { | 3136 TEST_F(SSLClientSocketTest, NPNServerPreference) { |
3206 SpawnedTestServer::SSLOptions server_options; | 3137 SpawnedTestServer::SSLOptions server_options; |
3207 server_options.npn_protocols.push_back(std::string("spdy/3.1")); | 3138 server_options.npn_protocols.push_back(std::string("spdy/3.1")); |
3208 server_options.npn_protocols.push_back(std::string("h2")); | 3139 server_options.npn_protocols.push_back(std::string("h2")); |
3209 ASSERT_TRUE(StartTestServer(server_options)); | 3140 ASSERT_TRUE(StartTestServer(server_options)); |
3210 | 3141 |
3211 SSLConfig client_config; | 3142 SSLConfig client_config; |
3212 #if !defined(USE_OPENSSL) | |
3213 client_config.alpn_protos.push_back(kProtoHTTP2); | |
3214 client_config.alpn_protos.push_back(kProtoSPDY31); | |
3215 #endif | |
3216 client_config.npn_protos.push_back(kProtoHTTP2); | 3143 client_config.npn_protos.push_back(kProtoHTTP2); |
3217 client_config.npn_protos.push_back(kProtoSPDY31); | 3144 client_config.npn_protos.push_back(kProtoSPDY31); |
3218 | 3145 |
3219 int rv; | 3146 int rv; |
3220 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | 3147 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
3221 EXPECT_EQ(OK, rv); | 3148 EXPECT_EQ(OK, rv); |
3222 | 3149 |
3223 std::string proto; | 3150 std::string proto; |
3224 EXPECT_EQ(SSLClientSocket::kNextProtoNegotiated, sock_->GetNextProto(&proto)); | 3151 EXPECT_EQ(SSLClientSocket::kNextProtoNegotiated, sock_->GetNextProto(&proto)); |
3225 EXPECT_EQ("spdy/3.1", proto); | 3152 EXPECT_EQ("spdy/3.1", proto); |
(...skipping 17 matching lines...) Expand all Loading... | |
3243 std::string proto; | 3170 std::string proto; |
3244 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, | 3171 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, |
3245 sock_->GetNextProto(&proto)); | 3172 sock_->GetNextProto(&proto)); |
3246 } | 3173 } |
3247 | 3174 |
3248 TEST_F(SSLClientSocketTest, NPNServerDisabled) { | 3175 TEST_F(SSLClientSocketTest, NPNServerDisabled) { |
3249 SpawnedTestServer::SSLOptions server_options; | 3176 SpawnedTestServer::SSLOptions server_options; |
3250 ASSERT_TRUE(StartTestServer(server_options)); | 3177 ASSERT_TRUE(StartTestServer(server_options)); |
3251 | 3178 |
3252 SSLConfig client_config; | 3179 SSLConfig client_config; |
3253 #if !defined(USE_OPENSSL) | |
3254 client_config.alpn_protos.push_back(kProtoHTTP11); | |
3255 #endif | |
3256 client_config.npn_protos.push_back(kProtoHTTP11); | 3180 client_config.npn_protos.push_back(kProtoHTTP11); |
3257 | 3181 |
3258 int rv; | 3182 int rv; |
3259 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | 3183 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
3260 EXPECT_EQ(OK, rv); | 3184 EXPECT_EQ(OK, rv); |
3261 | 3185 |
3262 std::string proto; | 3186 std::string proto; |
3263 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, | 3187 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, |
3264 sock_->GetNextProto(&proto)); | 3188 sock_->GetNextProto(&proto)); |
3265 } | 3189 } |
3266 | 3190 |
3267 // Client auth is not supported in NSS ports. | |
3268 #if defined(USE_OPENSSL) | |
3269 | |
3270 namespace { | 3191 namespace { |
3271 | 3192 |
3272 // Loads a PEM-encoded private key file into a SSLPrivateKey object. | 3193 // Loads a PEM-encoded private key file into a SSLPrivateKey object. |
3273 // |filepath| is the private key file path. | 3194 // |filepath| is the private key file path. |
3274 // Returns the new SSLPrivateKey. | 3195 // Returns the new SSLPrivateKey. |
3275 scoped_refptr<SSLPrivateKey> LoadPrivateKeyOpenSSL( | 3196 scoped_refptr<SSLPrivateKey> LoadPrivateKeyOpenSSL( |
3276 const base::FilePath& filepath) { | 3197 const base::FilePath& filepath) { |
3277 std::string data; | 3198 std::string data; |
3278 if (!base::ReadFileToString(filepath, &data)) { | 3199 if (!base::ReadFileToString(filepath, &data)) { |
3279 LOG(ERROR) << "Could not read private key file: " << filepath.value(); | 3200 LOG(ERROR) << "Could not read private key file: " << filepath.value(); |
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3362 EXPECT_EQ(OK, rv); | 3283 EXPECT_EQ(OK, rv); |
3363 EXPECT_TRUE(sock_->IsConnected()); | 3284 EXPECT_TRUE(sock_->IsConnected()); |
3364 | 3285 |
3365 SSLInfo ssl_info; | 3286 SSLInfo ssl_info; |
3366 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 3287 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
3367 EXPECT_TRUE(ssl_info.client_cert_sent); | 3288 EXPECT_TRUE(ssl_info.client_cert_sent); |
3368 | 3289 |
3369 sock_->Disconnect(); | 3290 sock_->Disconnect(); |
3370 EXPECT_FALSE(sock_->IsConnected()); | 3291 EXPECT_FALSE(sock_->IsConnected()); |
3371 } | 3292 } |
3372 #endif // defined(USE_OPENSSL) | |
3373 | 3293 |
3374 } // namespace net | 3294 } // namespace net |
OLD | NEW |