
Side by Side Diff: net/socket/ssl_client_socket_unittest.cc

Issue 2056343006: Remove DHE. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: actually connect up the feature flag Created 4 years, 5 months ago
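--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket.h"
 
 #include <errno.h>
 #include <string.h>
 
 #include <utility>
@@ -2633,36 +2633,47 @@
 // offer the > TLS 1.0 session, so this must have been the session from the
 // first fallback connection.
 ASSERT_TRUE(CreateAndConnectSSLClientSocket(fallback_ssl_config, &rv));
 EXPECT_EQ(OK, rv);
 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1,
 SSLConnectionStatusToVersion(ssl_info.connection_status));
 }
 
-// Test that DHE is only enabled if deprecated_cipher_suites_enabled is set.
-TEST_F(SSLClientSocketTest, DHEDeprecated) {
+// Test that DHE is removed but gives a dedicated error. Also test that the
+// dhe_enabled option can restore it.
+TEST_F(SSLClientSocketTest, DHE) {
 SpawnedTestServer::SSLOptions ssl_options;
 ssl_options.key_exchanges =
 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
 ASSERT_TRUE(StartTestServer(ssl_options));
 
-// Normal handshakes with DHE do not work.
+// Normal handshakes with DHE do not work, with or without DHE enabled.
 SSLConfig ssl_config;
 int rv;
 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv);
 
-// Enabling deprecated ciphers works fine.
+ssl_config.dhe_enabled = true;
+ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
+EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv);
+
+// Enabling deprecated ciphers gives DHE a dedicated error code.
+ssl_config.dhe_enabled = false;
 ssl_config.deprecated_cipher_suites_enabled = true;
 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
+EXPECT_EQ(ERR_SSL_OBSOLETE_CIPHER, rv);
+
+// Enabling both deprecated ciphers and DHE restores it.
+ssl_config.dhe_enabled = true;
+ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
 EXPECT_EQ(OK, rv);
 }
 
 // Tests that enabling deprecated ciphers shards the session cache.
 TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) {
 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
 
 // Prepare a normal and deprecated SSL config.
 SSLConfig ssl_config;
 SSLConfig deprecated_ssl_config;
@@ -3347,10 +3358,10 @@
 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
 
 EXPECT_EQ(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN, rv);
 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING);
 EXPECT_TRUE(sock_->IsConnected());
 
 EXPECT_FALSE(ssl_info.pkp_bypassed);
 }
 
 } // namespace net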
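Review bot: In the `DHE` test, the second case (new lines 2657-2659, `dhe_enabled = true` with deprecated suites still off) has no comment of its own, and the comment above it, `// Normal handshakes with DHE do not work, with or without DHE enabled.`, reads ambiguously. That case pins the invariant that matters most for a removal like this: the override flag alone must not bring DHE back. I would state it directly on that case, e.g. `// dhe_enabled on its own must not re-enable DHE; it only takes effect together with deprecated_cipher_suites_enabled.` The final `EXPECT_EQ(OK, rv)` case could also call `sock_->GetSSLInfo(&ssl_info)` and check the negotiated key exchange, so the test shows that DHE was used and not only that the handshake succeeded. With a DHE_RSA-only test server that is presumably implied, but it is not asserted.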