Index: net/url_request/url_request_unittest.cc |
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc |
index cd41ebba004bd5a806f7ee4d2799f6c29f36fc2d..213750c494a127367649723efc37c3f6644cd7b2 100644 |
--- a/net/url_request/url_request_unittest.cc |
+++ b/net/url_request/url_request_unittest.cc |
@@ -3323,15 +3323,10 @@ class TestSSLConfigService : public SSLConfigService { |
rev_checking_required_local_anchors_( |
rev_checking_required_local_anchors), |
token_binding_enabled_(token_binding_enabled), |
- min_version_(kDefaultSSLVersionMin), |
- fallback_min_version_(kDefaultSSLVersionFallbackMin) {} |
+ min_version_(kDefaultSSLVersionMin) {} |
void set_min_version(uint16_t version) { min_version_ = version; } |
- void set_fallback_min_version(uint16_t version) { |
- fallback_min_version_ = version; |
- } |
- |
// SSLConfigService: |
void GetSSLConfig(SSLConfig* config) override { |
*config = SSLConfig(); |
@@ -3339,9 +3334,6 @@ class TestSSLConfigService : public SSLConfigService { |
config->verify_ev_cert = ev_enabled_; |
config->rev_checking_required_local_anchors = |
rev_checking_required_local_anchors_; |
- if (fallback_min_version_) { |
- config->version_fallback_min = fallback_min_version_; |
- } |
if (min_version_) { |
config->version_min = min_version_; |
} |
@@ -3359,7 +3351,6 @@ class TestSSLConfigService : public SSLConfigService { |
const bool rev_checking_required_local_anchors_; |
const bool token_binding_enabled_; |
uint16_t min_version_; |
- uint16_t fallback_min_version_; |
}; |
// TODO(svaldez): Update tests to use EmbeddedTestServer. |
@@ -8876,22 +8867,6 @@ TEST_F(HTTPSRequestTest, SSLSessionCacheShardTest) { |
} |
} |
-class FallbackTestURLRequestContext : public TestURLRequestContext { |
- public: |
- explicit FallbackTestURLRequestContext(bool delay_initialization) |
- : TestURLRequestContext(delay_initialization) {} |
- |
- void set_fallback_min_version(uint16_t version) { |
- TestSSLConfigService* ssl_config_service = new TestSSLConfigService( |
- true /* check for EV */, false /* online revocation checking */, |
- false /* require rev. checking for local |
- anchors */, |
- false /* token binding enabled */); |
- ssl_config_service->set_fallback_min_version(version); |
- set_ssl_config_service(ssl_config_service); |
- } |
-}; |
- |
class HTTPSFallbackTest : public testing::Test { |
public: |
HTTPSFallbackTest() : context_(true) {} |
@@ -8916,10 +8891,6 @@ class HTTPSFallbackTest : public testing::Test { |
base::RunLoop().Run(); |
} |
- void set_fallback_min_version(uint16_t version) { |
- context_.set_fallback_min_version(version); |
- } |
- |
void ExpectConnection(int version) { |
EXPECT_EQ(1, delegate_.response_started_count()); |
EXPECT_NE(0, delegate_.bytes_received()); |
@@ -8938,7 +8909,7 @@ class HTTPSFallbackTest : public testing::Test { |
private: |
TestDelegate delegate_; |
- FallbackTestURLRequestContext context_; |
+ TestURLRequestContext context_; |
std::unique_ptr<URLRequest> request_; |
}; |
@@ -8953,7 +8924,7 @@ TEST_F(HTTPSFallbackTest, TLSv1NoFallback) { |
ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); |
} |
-// Tests the TLS 1.1 fallback doesn't happen but 1.2-intolerance is detected. |
+// Tests the TLS 1.1 fallback doesn't happen. |
TEST_F(HTTPSFallbackTest, TLSv1_1NoFallback) { |
SpawnedTestServer::SSLOptions ssl_options( |
SpawnedTestServer::SSLOptions::CERT_OK); |
@@ -8961,167 +8932,9 @@ TEST_F(HTTPSFallbackTest, TLSv1_1NoFallback) { |
SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_2; |
ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
- ExpectFailure(ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION); |
-} |
- |
-// Tests the TLS 1.1 fallback when explicitly enabled. |
-TEST_F(HTTPSFallbackTest, TLSv1_1Fallback) { |
- SpawnedTestServer::SSLOptions ssl_options( |
- SpawnedTestServer::SSLOptions::CERT_OK); |
- ssl_options.tls_intolerant = |
- SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_2; |
- |
- set_fallback_min_version(SSL_PROTOCOL_VERSION_TLS1_1); |
- ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
- ExpectConnection(SSL_CONNECTION_VERSION_TLS1_1); |
-} |
- |
-// Tests that the TLS 1.1 fallback, if enabled, triggers on closed connections. |
-TEST_F(HTTPSFallbackTest, TLSv1_1FallbackClosed) { |
- SpawnedTestServer::SSLOptions ssl_options( |
- SpawnedTestServer::SSLOptions::CERT_OK); |
- ssl_options.tls_intolerant = |
- SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_2; |
- ssl_options.tls_intolerance_type = |
- SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE; |
- |
- set_fallback_min_version(SSL_PROTOCOL_VERSION_TLS1_1); |
- ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
- ExpectConnection(SSL_CONNECTION_VERSION_TLS1_1); |
-} |
- |
-// This test is disabled on Android because the remote test server doesn't cause |
-// a TCP reset. |
-#if !defined(OS_ANDROID) |
-// Tests fallback to TLS 1.1, if enabled, on connection reset. |
-TEST_F(HTTPSFallbackTest, TLSv1_1FallbackReset) { |
- SpawnedTestServer::SSLOptions ssl_options( |
- SpawnedTestServer::SSLOptions::CERT_OK); |
- ssl_options.tls_intolerant = |
- SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_2; |
- ssl_options.tls_intolerance_type = |
- SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_RESET; |
- |
- set_fallback_min_version(SSL_PROTOCOL_VERSION_TLS1_1); |
- ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
- ExpectConnection(SSL_CONNECTION_VERSION_TLS1_1); |
-} |
-#endif // !OS_ANDROID |
- |
-// Tests that we don't fallback, even if enabled, on handshake failure with |
-// servers that implement TLS_FALLBACK_SCSV. Also ensure that the original error |
-// code is reported. |
-TEST_F(HTTPSFallbackTest, FallbackSCSV) { |
- SpawnedTestServer::SSLOptions ssl_options( |
- SpawnedTestServer::SSLOptions::CERT_OK); |
- // Configure HTTPS server to be intolerant of TLS >= 1.1 in order to trigger |
- // a version fallback. |
- ssl_options.tls_intolerant = |
- SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1; |
- // Have the server process TLS_FALLBACK_SCSV so that version fallback |
- // connections are rejected. |
- ssl_options.fallback_scsv_enabled = true; |
- |
- set_fallback_min_version(SSL_PROTOCOL_VERSION_TLS1_1); |
- ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
- |
- // ERR_SSL_VERSION_OR_CIPHER_MISMATCH is how the server simulates version |
- // intolerance. If the fallback SCSV is processed when the original error |
- // that caused the fallback should be returned, which should be |
- // ERR_SSL_VERSION_OR_CIPHER_MISMATCH. |
ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); |
} |
-// Tests that we don't fallback, even if enabled, on connection closed with |
-// servers that implement TLS_FALLBACK_SCSV. Also ensure that the original error |
-// code is reported. |
-TEST_F(HTTPSFallbackTest, FallbackSCSVClosed) { |
- SpawnedTestServer::SSLOptions ssl_options( |
- SpawnedTestServer::SSLOptions::CERT_OK); |
- // Configure HTTPS server to be intolerant of TLS >= 1.1 in order to trigger |
- // a version fallback. |
- ssl_options.tls_intolerant = |
- SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1; |
- ssl_options.tls_intolerance_type = |
- SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE; |
- // Have the server process TLS_FALLBACK_SCSV so that version fallback |
- // connections are rejected. |
- ssl_options.fallback_scsv_enabled = true; |
- |
- set_fallback_min_version(SSL_PROTOCOL_VERSION_TLS1_1); |
- ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
- |
- // The original error should be replayed on rejected fallback. |
- ExpectFailure(ERR_CONNECTION_CLOSED); |
-} |
- |
-// Test that fallback probe connections don't cause sessions to be cached. |
-TEST_F(HTTPSRequestTest, FallbackProbeNoCache) { |
- SpawnedTestServer::SSLOptions ssl_options( |
- SpawnedTestServer::SSLOptions::CERT_OK); |
- ssl_options.tls_intolerant = |
- SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_2; |
- ssl_options.tls_intolerance_type = |
- SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE; |
- ssl_options.record_resume = true; |
- |
- SpawnedTestServer test_server( |
- SpawnedTestServer::TYPE_HTTPS, |
- ssl_options, |
- base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
- ASSERT_TRUE(test_server.Start()); |
- |
- SSLClientSocket::ClearSessionCache(); |
- |
- // Make a connection that does a probe fallback to TLSv1.1 but fails because |
- // fallback is disabled. We don't wish a session for this connection to be |
- // inserted locally. |
- { |
- TestDelegate delegate; |
- FallbackTestURLRequestContext context(true); |
- |
- context.Init(); |
- std::unique_ptr<URLRequest> request(context.CreateRequest( |
- test_server.GetURL("/"), DEFAULT_PRIORITY, &delegate)); |
- request->Start(); |
- |
- base::RunLoop().Run(); |
- |
- EXPECT_EQ(1, delegate.response_started_count()); |
- EXPECT_FALSE(request->status().is_success()); |
- EXPECT_EQ(URLRequestStatus::FAILED, request->status().status()); |
- EXPECT_EQ(ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION, |
- request->status().error()); |
- } |
- |
- // Now allow TLSv1.1 fallback connections and request the session cache log. |
- { |
- TestDelegate delegate; |
- FallbackTestURLRequestContext context(true); |
- context.set_fallback_min_version(SSL_PROTOCOL_VERSION_TLS1_1); |
- |
- context.Init(); |
- std::unique_ptr<URLRequest> request(context.CreateRequest( |
- test_server.GetURL("ssl-session-cache"), DEFAULT_PRIORITY, &delegate)); |
- request->Start(); |
- |
- base::RunLoop().Run(); |
- |
- EXPECT_EQ(1, delegate.response_started_count()); |
- EXPECT_NE(0, delegate.bytes_received()); |
- EXPECT_EQ( |
- SSL_CONNECTION_VERSION_TLS1_1, |
- SSLConnectionStatusToVersion(request->ssl_info().connection_status)); |
- EXPECT_TRUE(request->ssl_info().connection_status & |
- SSL_CONNECTION_VERSION_FALLBACK); |
- |
- std::vector<std::string> lines; |
- // If no sessions were cached then the server should have seen two sessions |
- // inserted with no lookups. |
- AssertTwoDistinctSessionsInserted(delegate.data_received()); |
- } |
-} |
- |
class HTTPSSessionTest : public testing::Test { |
public: |
HTTPSSessionTest() : default_context_(true) { |