| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <memory> | 5 #include <memory> |
| 6 #include <string> | 6 #include <string> |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/memory/ptr_util.h" | 9 #include "base/memory/ptr_util.h" |
| 10 #include "base/memory/ref_counted.h" | 10 #include "base/memory/ref_counted.h" |
| (...skipping 104 matching lines...) |
| 115 MockHostResolver mock_resolver_; | 115 MockHostResolver mock_resolver_; |
| 116 HttpServerPropertiesImpl http_server_properties_; | 116 HttpServerPropertiesImpl http_server_properties_; |
| 117 MockCertVerifier cert_verifier_; | 117 MockCertVerifier cert_verifier_; |
| 118 TransportSecurityState transport_security_state_; | 118 TransportSecurityState transport_security_state_; |
| 119 MultiLogCTVerifier ct_verifier_; | 119 MultiLogCTVerifier ct_verifier_; |
| 120 CTPolicyEnforcer ct_policy_enforcer_; | 120 CTPolicyEnforcer ct_policy_enforcer_; |
| 121 HttpNetworkSession::Params session_params_; | 121 HttpNetworkSession::Params session_params_; |
| 122 std::vector<std::unique_ptr<HttpRequestInfo>> request_info_vector_; | 122 std::vector<std::unique_ptr<HttpRequestInfo>> request_info_vector_; |
| 123 }; | 123 }; |
| 124 | 124 |
| 125 // Tests that HttpNetworkTransaction attempts to fallback from | |
| 126 // TLS 1.2 to TLS 1.1. | |
| 127 TEST_F(HttpNetworkTransactionSSLTest, SSLFallback) { | |
| 128 ssl_config_service_ = new TLS12SSLConfigService; | |
| 129 session_params_.ssl_config_service = ssl_config_service_.get(); | |
| 130 // |ssl_data1| is for the first handshake (TLS 1.2), which will fail | |
| 131 // for protocol reasons (e.g., simulating a version rollback attack). | |
| 132 SSLSocketDataProvider ssl_data1(ASYNC, ERR_SSL_PROTOCOL_ERROR); | |
| 133 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data1); | |
| 134 StaticSocketDataProvider data1(NULL, 0, NULL, 0); | |
| 135 mock_socket_factory_.AddSocketDataProvider(&data1); | |
| 136 | |
| 137 // |ssl_data2| contains the handshake result for a TLS 1.1 | |
| 138 // handshake which will be attempted after the TLS 1.2 | |
| 139 // handshake fails. | |
| 140 SSLSocketDataProvider ssl_data2(ASYNC, ERR_SSL_PROTOCOL_ERROR); | |
| 141 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data2); | |
| 142 StaticSocketDataProvider data2(NULL, 0, NULL, 0); | |
| 143 mock_socket_factory_.AddSocketDataProvider(&data2); | |
| 144 | |
| 145 HttpNetworkSession session(session_params_); | |
| 146 HttpNetworkTransaction trans(DEFAULT_PRIORITY, &session); | |
| 147 | |
| 148 TestCompletionCallback callback; | |
| 149 // This will consume |ssl_data1| and |ssl_data2|. | |
| 150 int rv = | |
| 151 callback.GetResult(trans.Start(GetRequestInfo("https://www.paypal.com/"), | |
| 152 callback.callback(), BoundNetLog())); | |
| 153 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | |
| 154 | |
| 155 SocketDataProviderArray<SocketDataProvider>& mock_data = | |
| 156 mock_socket_factory_.mock_data(); | |
| 157 // Confirms that |ssl_data1| and |ssl_data2| are consumed. | |
| 158 EXPECT_EQ(2u, mock_data.next_index()); | |
| 159 | |
| 160 SSLConfig& ssl_config = GetServerSSLConfig(&trans); | |
| 161 // |version_max| falls back to TLS 1.1. | |
| 162 EXPECT_EQ(SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_max); | |
| 163 EXPECT_TRUE(ssl_config.version_fallback); | |
| 164 } | |
| 165 | |
| 166 #if !defined(OS_IOS) | 125 #if !defined(OS_IOS) |
| 167 TEST_F(HttpNetworkTransactionSSLTest, TokenBinding) { | 126 TEST_F(HttpNetworkTransactionSSLTest, TokenBinding) { |
| 168 ssl_config_service_ = new TokenBindingSSLConfigService; | 127 ssl_config_service_ = new TokenBindingSSLConfigService; |
| 169 session_params_.ssl_config_service = ssl_config_service_.get(); | 128 session_params_.ssl_config_service = ssl_config_service_.get(); |
| 170 ChannelIDService channel_id_service(new DefaultChannelIDStore(NULL), | 129 ChannelIDService channel_id_service(new DefaultChannelIDStore(NULL), |
| 171 base::ThreadTaskRunnerHandle::Get()); | 130 base::ThreadTaskRunnerHandle::Get()); |
| 172 session_params_.channel_id_service = &channel_id_service; | 131 session_params_.channel_id_service = &channel_id_service; |
| 173 | 132 |
| 174 SSLSocketDataProvider ssl_data(ASYNC, OK); | 133 SSLSocketDataProvider ssl_data(ASYNC, OK); |
| 175 ssl_data.token_binding_negotiated = true; | 134 ssl_data.token_binding_negotiated = true; |
| (...skipping 67 matching lines...) |
| 243 | 202 |
| 244 HttpRequestHeaders headers; | 203 HttpRequestHeaders headers; |
| 245 ASSERT_TRUE(trans.GetFullRequestHeaders(&headers)); | 204 ASSERT_TRUE(trans.GetFullRequestHeaders(&headers)); |
| 246 std::string token_binding_header; | 205 std::string token_binding_header; |
| 247 EXPECT_FALSE(headers.GetHeader(HttpRequestHeaders::kTokenBinding, | 206 EXPECT_FALSE(headers.GetHeader(HttpRequestHeaders::kTokenBinding, |
| 248 &token_binding_header)); | 207 &token_binding_header)); |
| 249 } | 208 } |
| 250 #endif // !defined(OS_IOS) | 209 #endif // !defined(OS_IOS) |
| 251 | 210 |
| 252 } // namespace net | 211 } // namespace net |