OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <string.h> | 8 #include <string.h> |
9 | 9 |
10 #include <utility> | 10 #include <utility> |
(...skipping 2622 matching lines...)
2633 // offer the > TLS 1.0 session, so this must have been the session from the | 2633 // offer the > TLS 1.0 session, so this must have been the session from the |
2634 // first fallback connection. | 2634 // first fallback connection. |
2635 ASSERT_TRUE(CreateAndConnectSSLClientSocket(fallback_ssl_config, &rv)); | 2635 ASSERT_TRUE(CreateAndConnectSSLClientSocket(fallback_ssl_config, &rv)); |
2636 EXPECT_EQ(OK, rv); | 2636 EXPECT_EQ(OK, rv); |
2637 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 2637 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
2638 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); | 2638 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); |
2639 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1, | 2639 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1, |
2640 SSLConnectionStatusToVersion(ssl_info.connection_status)); | 2640 SSLConnectionStatusToVersion(ssl_info.connection_status)); |
2641 } | 2641 } |
2642 | 2642 |
2643 // Test that DHE is only enabled if deprecated_cipher_suites_enabled is set. | 2643 // Test that DHE is removed but gives a dedicated error. Also test that the |
2644 TEST_F(SSLClientSocketTest, DHEDeprecated) { | 2644 // dhe_enabled option can restore it. |
| 2645 TEST_F(SSLClientSocketTest, DHE) { |
2645 SpawnedTestServer::SSLOptions ssl_options; | 2646 SpawnedTestServer::SSLOptions ssl_options; |
2646 ssl_options.key_exchanges = | 2647 ssl_options.key_exchanges = |
2647 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2648 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
2648 ASSERT_TRUE(StartTestServer(ssl_options)); | 2649 ASSERT_TRUE(StartTestServer(ssl_options)); |
2649 | 2650 |
2650 // Normal handshakes with DHE do not work. | 2651 // Normal handshakes with DHE do not work, with or without DHE enabled. |
2651 SSLConfig ssl_config; | 2652 SSLConfig ssl_config; |
2652 int rv; | 2653 int rv; |
2653 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2654 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
2654 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); | 2655 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); |
2655 | 2656 |
2656 // Enabling deprecated ciphers works fine. | 2657 ssl_config.dhe_enabled = true; |
| 2658 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2659 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); |
| 2660 |
| 2661 // Enabling deprecated ciphers gives DHE a dedicated error code. |
| 2662 ssl_config.dhe_enabled = false; |
2657 ssl_config.deprecated_cipher_suites_enabled = true; | 2663 ssl_config.deprecated_cipher_suites_enabled = true; |
2658 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2664 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2665 EXPECT_EQ(ERR_SSL_OBSOLETE_CIPHER, rv); |
| 2666 |
| 2667 // Enabling both deprecated ciphers and DHE restores it. |
| 2668 ssl_config.dhe_enabled = true; |
| 2669 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
2659 EXPECT_EQ(OK, rv); | 2670 EXPECT_EQ(OK, rv); |
2660 } | 2671 } |
2661 | 2672 |
2662 // Tests that enabling deprecated ciphers shards the session cache. | 2673 // Tests that enabling deprecated ciphers shards the session cache. |
2663 TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) { | 2674 TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) { |
2664 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); | 2675 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); |
2665 | 2676 |
2666 // Prepare a normal and deprecated SSL config. | 2677 // Prepare a normal and deprecated SSL config. |
2667 SSLConfig ssl_config; | 2678 SSLConfig ssl_config; |
2668 SSLConfig deprecated_ssl_config; | 2679 SSLConfig deprecated_ssl_config; |
(...skipping 678 matching lines...)
3347 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 3358 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
3348 | 3359 |
3349 EXPECT_EQ(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN, rv); | 3360 EXPECT_EQ(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN, rv); |
3350 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING); | 3361 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING); |
3351 EXPECT_TRUE(sock_->IsConnected()); | 3362 EXPECT_TRUE(sock_->IsConnected()); |
3352 | 3363 |
3353 EXPECT_FALSE(ssl_info.pkp_bypassed); | 3364 EXPECT_FALSE(ssl_info.pkp_bypassed); |
3354 } | 3365 } |
3355 | 3366 |
3356 } // namespace net | 3367 } // namespace net |
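Review bot: The rewritten DHE test never returns to `dhe_enabled = false` after the successful DHE handshake at new line 2670, so it does not show that a DHE session cached by that handshake is refused once the option is off again. The neighbouring DeprecatedShardSessionCache test covers `deprecated_cipher_suites_enabled` only, and whether `dhe_enabled` takes part in the session cache key is not visible on this page. I would append `ssl_config.dhe_enabled = false;`, `ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));` and `EXPECT_EQ(ERR_SSL_OBSOLETE_CIPHER, rv);` before the test's closing brace. The header comment at new lines 2643-2644 also reads as if `dhe_enabled` alone restores DHE; `// DHE needs both dhe_enabled and deprecated_cipher_suites_enabled; with only the latter the handshake fails with ERR_SSL_OBSOLETE_CIPHER.` would match what the test asserts.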