| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 2549 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2560 | 2560 |
| 2561 SSLClientSocket::ClearSessionCache(); | 2561 SSLClientSocket::ClearSessionCache(); |
| 2562 | 2562 |
| 2563 // After clearing the session cache, the next handshake doesn't resume. | 2563 // After clearing the session cache, the next handshake doesn't resume. |
| 2564 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2564 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2565 ASSERT_THAT(rv, IsOk()); | 2565 ASSERT_THAT(rv, IsOk()); |
| 2566 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 2566 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 2567 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | 2567 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); |
| 2568 } | 2568 } |
| 2569 | 2569 |
| 2570 // Tests that ALPN works with session resumption. |
| 2571 TEST_F(SSLClientSocketTest, SessionResumptionALPN) { |
| 2572 SpawnedTestServer::SSLOptions ssl_options; |
| 2573 ssl_options.alpn_protocols.push_back("h2"); |
| 2574 ASSERT_TRUE(StartTestServer(ssl_options)); |
| 2575 |
| 2576 // First, perform a full handshake. |
| 2577 SSLConfig ssl_config; |
| 2578 // Disable TLS False Start to ensure the handshake has completed. |
| 2579 ssl_config.false_start_enabled = false; |
| 2580 ssl_config.alpn_protos.push_back(kProtoHTTP2); |
| 2581 int rv; |
| 2582 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2583 ASSERT_THAT(rv, IsOk()); |
| 2584 SSLInfo ssl_info; |
| 2585 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 2586 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); |
| 2587 EXPECT_EQ(kProtoHTTP2, sock_->GetNegotiatedProtocol()); |
| 2588 |
| 2589 // The next connection should resume. |
| 2590 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2591 ASSERT_THAT(rv, IsOk()); |
| 2592 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 2593 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); |
| 2594 EXPECT_EQ(kProtoHTTP2, sock_->GetNegotiatedProtocol()); |
| 2595 } |
| 2596 |
| 2570 // Tests that connections with certificate errors do not add entries to the | 2597 // Tests that connections with certificate errors do not add entries to the |
| 2571 // session cache. | 2598 // session cache. |
| 2572 TEST_F(SSLClientSocketTest, CertificateErrorNoResume) { | 2599 TEST_F(SSLClientSocketTest, CertificateErrorNoResume) { |
| 2573 SpawnedTestServer::SSLOptions ssl_options; | 2600 SpawnedTestServer::SSLOptions ssl_options; |
| 2574 ASSERT_TRUE(StartTestServer(ssl_options)); | 2601 ASSERT_TRUE(StartTestServer(ssl_options)); |
| 2575 | 2602 |
| 2576 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID); | 2603 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID); |
| 2577 | 2604 |
| 2578 SSLConfig ssl_config; | 2605 SSLConfig ssl_config; |
| 2579 int rv; | 2606 int rv; |
| (...skipping 199 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2779 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256); | 2806 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256); |
| 2780 | 2807 |
| 2781 int rv; | 2808 int rv; |
| 2782 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2809 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2783 EXPECT_THAT(rv, IsOk()); | 2810 EXPECT_THAT(rv, IsOk()); |
| 2784 SSLInfo info; | 2811 SSLInfo info; |
| 2785 EXPECT_TRUE(sock_->GetSSLInfo(&info)); | 2812 EXPECT_TRUE(sock_->GetSSLInfo(&info)); |
| 2786 EXPECT_FALSE(info.token_binding_negotiated); | 2813 EXPECT_FALSE(info.token_binding_negotiated); |
| 2787 } | 2814 } |
| 2788 | 2815 |
| 2789 // In tests requiring NPN, client_config.alpn_protos and | 2816 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabledWithNPN) { |
| 2790 // client_config.npn_protos both need to be set when using NSS, otherwise NPN is | 2817 // False Start requires ALPN or NPN, and ECDHE, and an AEAD. |
| 2791 // disabled due to quirks of the implementation. | |
| 2792 | |
| 2793 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { | |
| 2794 // False Start requires NPN/ALPN, ECDHE, and an AEAD. | |
| 2795 SpawnedTestServer::SSLOptions server_options; | 2818 SpawnedTestServer::SSLOptions server_options; |
| 2796 server_options.key_exchanges = | 2819 server_options.key_exchanges = |
| 2797 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2820 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2798 server_options.bulk_ciphers = | 2821 server_options.bulk_ciphers = |
| 2799 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2822 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2800 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2823 server_options.npn_protocols.push_back("http/1.1"); |
| 2801 SSLConfig client_config; | 2824 SSLConfig client_config; |
| 2802 client_config.npn_protos.push_back(kProtoHTTP11); | 2825 client_config.npn_protos.push_back(kProtoHTTP11); |
| 2803 ASSERT_NO_FATAL_FAILURE( | 2826 ASSERT_NO_FATAL_FAILURE( |
| 2804 TestFalseStart(server_options, client_config, true)); | 2827 TestFalseStart(server_options, client_config, true)); |
| 2805 } | 2828 } |
| 2806 | 2829 |
| 2807 // Test that False Start is disabled without NPN. | 2830 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabledWithALPN) { |
| 2808 TEST_F(SSLClientSocketFalseStartTest, NoNPN) { | 2831 // False Start requires ALPN or NPN, and ECDHE, and an AEAD. |
| 2809 SpawnedTestServer::SSLOptions server_options; | 2832 SpawnedTestServer::SSLOptions server_options; |
| 2810 server_options.key_exchanges = | 2833 server_options.key_exchanges = |
| 2811 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2834 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2835 server_options.bulk_ciphers = |
| 2836 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2837 server_options.alpn_protocols.push_back("http/1.1"); |
| 2838 SSLConfig client_config; |
| 2839 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 2840 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, true)); |
| 2841 } |
| 2842 |
| 2843 // Test that False Start is disabled without either ALPN or NPN. |
| 2844 TEST_F(SSLClientSocketFalseStartTest, NoAlpnAndNoNpn) { |
| 2845 SpawnedTestServer::SSLOptions server_options; |
| 2846 server_options.key_exchanges = |
| 2847 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2812 server_options.bulk_ciphers = | 2848 server_options.bulk_ciphers = |
| 2813 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2849 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2814 SSLConfig client_config; | 2850 SSLConfig client_config; |
| 2815 client_config.alpn_protos.clear(); | 2851 client_config.alpn_protos.clear(); |
| 2816 client_config.npn_protos.clear(); | 2852 client_config.npn_protos.clear(); |
| 2817 ASSERT_NO_FATAL_FAILURE( | 2853 ASSERT_NO_FATAL_FAILURE( |
| 2818 TestFalseStart(server_options, client_config, false)); | 2854 TestFalseStart(server_options, client_config, false)); |
| 2819 } | 2855 } |
| 2820 | 2856 |
| 2821 // Test that False Start is disabled with plain RSA ciphers. | 2857 // Test that False Start is disabled with plain RSA ciphers. |
| 2822 TEST_F(SSLClientSocketFalseStartTest, RSA) { | 2858 TEST_F(SSLClientSocketFalseStartTest, RSA) { |
| 2823 SpawnedTestServer::SSLOptions server_options; | 2859 SpawnedTestServer::SSLOptions server_options; |
| 2824 server_options.key_exchanges = | 2860 server_options.key_exchanges = |
| 2825 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; | 2861 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; |
| 2826 server_options.bulk_ciphers = | 2862 server_options.bulk_ciphers = |
| 2827 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2863 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2828 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2864 server_options.alpn_protocols.push_back("http/1.1"); |
| 2829 SSLConfig client_config; | 2865 SSLConfig client_config; |
| 2830 client_config.npn_protos.push_back(kProtoHTTP11); | 2866 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 2831 ASSERT_NO_FATAL_FAILURE( | 2867 ASSERT_NO_FATAL_FAILURE( |
| 2832 TestFalseStart(server_options, client_config, false)); | 2868 TestFalseStart(server_options, client_config, false)); |
| 2833 } | 2869 } |
| 2834 | 2870 |
| 2835 // Test that False Start is disabled with DHE_RSA ciphers. | 2871 // Test that False Start is disabled with DHE_RSA ciphers. |
| 2836 TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) { | 2872 TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) { |
| 2837 SpawnedTestServer::SSLOptions server_options; | 2873 SpawnedTestServer::SSLOptions server_options; |
| 2838 server_options.key_exchanges = | 2874 server_options.key_exchanges = |
| 2839 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2875 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| 2840 server_options.bulk_ciphers = | 2876 server_options.bulk_ciphers = |
| 2841 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2877 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2842 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2878 server_options.alpn_protocols.push_back("http/1.1"); |
| 2843 SSLConfig client_config; | 2879 SSLConfig client_config; |
| 2844 client_config.npn_protos.push_back(kProtoHTTP11); | 2880 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 2845 // DHE is only advertised when deprecated ciphers are enabled. | 2881 // DHE is only advertised when deprecated ciphers are enabled. |
| 2846 client_config.deprecated_cipher_suites_enabled = true; | 2882 client_config.deprecated_cipher_suites_enabled = true; |
| 2847 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); | 2883 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); |
| 2848 } | 2884 } |
| 2849 | 2885 |
| 2850 // Test that False Start is disabled without an AEAD. | 2886 // Test that False Start is disabled without an AEAD. |
| 2851 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { | 2887 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { |
| 2852 SpawnedTestServer::SSLOptions server_options; | 2888 SpawnedTestServer::SSLOptions server_options; |
| 2853 server_options.key_exchanges = | 2889 server_options.key_exchanges = |
| 2854 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2890 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2855 server_options.bulk_ciphers = | 2891 server_options.bulk_ciphers = |
| 2856 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; | 2892 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; |
| 2857 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2893 server_options.alpn_protocols.push_back("http/1.1"); |
| 2858 SSLConfig client_config; | 2894 SSLConfig client_config; |
| 2859 client_config.npn_protos.push_back(kProtoHTTP11); | 2895 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 2860 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); | 2896 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); |
| 2861 } | 2897 } |
| 2862 | 2898 |
| 2863 // Test that sessions are resumable after receiving the server Finished message. | 2899 // Test that sessions are resumable after receiving the server Finished message. |
| 2864 TEST_F(SSLClientSocketFalseStartTest, SessionResumption) { | 2900 TEST_F(SSLClientSocketFalseStartTest, SessionResumption) { |
| 2865 // Start a server. | 2901 // Start a server. |
| 2866 SpawnedTestServer::SSLOptions server_options; | 2902 SpawnedTestServer::SSLOptions server_options; |
| 2867 server_options.key_exchanges = | 2903 server_options.key_exchanges = |
| 2868 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2904 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2869 server_options.bulk_ciphers = | 2905 server_options.bulk_ciphers = |
| 2870 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2906 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2871 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2907 server_options.alpn_protocols.push_back("http/1.1"); |
| 2872 SSLConfig client_config; | 2908 SSLConfig client_config; |
| 2873 client_config.npn_protos.push_back(kProtoHTTP11); | 2909 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 2874 | 2910 |
| 2875 // Let a full handshake complete with False Start. | 2911 // Let a full handshake complete with False Start. |
| 2876 ASSERT_NO_FATAL_FAILURE( | 2912 ASSERT_NO_FATAL_FAILURE( |
| 2877 TestFalseStart(server_options, client_config, true)); | 2913 TestFalseStart(server_options, client_config, true)); |
| 2878 | 2914 |
| 2879 // Make a second connection. | 2915 // Make a second connection. |
| 2880 int rv; | 2916 int rv; |
| 2881 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | 2917 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
| 2882 EXPECT_THAT(rv, IsOk()); | 2918 EXPECT_THAT(rv, IsOk()); |
| 2883 | 2919 |
| 2884 // It should resume the session. | 2920 // It should resume the session. |
| 2885 SSLInfo ssl_info; | 2921 SSLInfo ssl_info; |
| 2886 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 2922 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 2887 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); | 2923 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); |
| 2888 } | 2924 } |
| 2889 | 2925 |
| 2890 // Test that False Started sessions are not resumable before receiving the | 2926 // Test that False Started sessions are not resumable before receiving the |
| 2891 // server Finished message. | 2927 // server Finished message. |
| 2892 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinished) { | 2928 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinished) { |
| 2893 // Start a server. | 2929 // Start a server. |
| 2894 SpawnedTestServer::SSLOptions server_options; | 2930 SpawnedTestServer::SSLOptions server_options; |
| 2895 server_options.key_exchanges = | 2931 server_options.key_exchanges = |
| 2896 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2932 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2897 server_options.bulk_ciphers = | 2933 server_options.bulk_ciphers = |
| 2898 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2934 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2899 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2935 server_options.alpn_protocols.push_back("http/1.1"); |
| 2900 ASSERT_TRUE(StartTestServer(server_options)); | 2936 ASSERT_TRUE(StartTestServer(server_options)); |
| 2901 | 2937 |
| 2902 SSLConfig client_config; | 2938 SSLConfig client_config; |
| 2903 client_config.npn_protos.push_back(kProtoHTTP11); | 2939 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 2904 | 2940 |
| 2905 // Start a handshake up to the server Finished message. | 2941 // Start a handshake up to the server Finished message. |
| 2906 TestCompletionCallback callback; | 2942 TestCompletionCallback callback; |
| 2907 FakeBlockingStreamSocket* raw_transport1 = NULL; | 2943 FakeBlockingStreamSocket* raw_transport1 = NULL; |
| 2908 std::unique_ptr<SSLClientSocket> sock1; | 2944 std::unique_ptr<SSLClientSocket> sock1; |
| 2909 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived( | 2945 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived( |
| 2910 client_config, &callback, &raw_transport1, &sock1)); | 2946 client_config, &callback, &raw_transport1, &sock1)); |
| 2911 // Although raw_transport1 has the server Finished blocked, the handshake | 2947 // Although raw_transport1 has the server Finished blocked, the handshake |
| 2912 // still completes. | 2948 // still completes. |
| 2913 EXPECT_THAT(callback.WaitForResult(), IsOk()); | 2949 EXPECT_THAT(callback.WaitForResult(), IsOk()); |
| (...skipping 29 matching lines...) Expand all Loading... |
| 2943 | 2979 |
| 2944 // Test that False Started sessions are not resumable if the server Finished | 2980 // Test that False Started sessions are not resumable if the server Finished |
| 2945 // message was bad. | 2981 // message was bad. |
| 2946 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBadFinished) { | 2982 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBadFinished) { |
| 2947 // Start a server. | 2983 // Start a server. |
| 2948 SpawnedTestServer::SSLOptions server_options; | 2984 SpawnedTestServer::SSLOptions server_options; |
| 2949 server_options.key_exchanges = | 2985 server_options.key_exchanges = |
| 2950 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2986 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2951 server_options.bulk_ciphers = | 2987 server_options.bulk_ciphers = |
| 2952 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2988 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2953 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2989 server_options.alpn_protocols.push_back("http/1.1"); |
| 2954 ASSERT_TRUE(StartTestServer(server_options)); | 2990 ASSERT_TRUE(StartTestServer(server_options)); |
| 2955 | 2991 |
| 2956 SSLConfig client_config; | 2992 SSLConfig client_config; |
| 2957 client_config.npn_protos.push_back(kProtoHTTP11); | 2993 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 2958 | 2994 |
| 2959 // Start a handshake up to the server Finished message. | 2995 // Start a handshake up to the server Finished message. |
| 2960 TestCompletionCallback callback; | 2996 TestCompletionCallback callback; |
| 2961 FakeBlockingStreamSocket* raw_transport1 = NULL; | 2997 FakeBlockingStreamSocket* raw_transport1 = NULL; |
| 2962 std::unique_ptr<SSLClientSocket> sock1; | 2998 std::unique_ptr<SSLClientSocket> sock1; |
| 2963 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived( | 2999 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived( |
| 2964 client_config, &callback, &raw_transport1, &sock1)); | 3000 client_config, &callback, &raw_transport1, &sock1)); |
| 2965 // Although raw_transport1 has the server Finished blocked, the handshake | 3001 // Although raw_transport1 has the server Finished blocked, the handshake |
| 2966 // still completes. | 3002 // still completes. |
| 2967 EXPECT_THAT(callback.WaitForResult(), IsOk()); | 3003 EXPECT_THAT(callback.WaitForResult(), IsOk()); |
| (...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3088 // Channel ID. | 3124 // Channel ID. |
| 3089 ssl_config.channel_id_enabled = true; | 3125 ssl_config.channel_id_enabled = true; |
| 3090 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 3126 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 3091 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 3127 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 3092 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | 3128 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); |
| 3093 EXPECT_TRUE(ssl_info.channel_id_sent); | 3129 EXPECT_TRUE(ssl_info.channel_id_sent); |
| 3094 } | 3130 } |
| 3095 | 3131 |
| 3096 TEST_F(SSLClientSocketTest, NPN) { | 3132 TEST_F(SSLClientSocketTest, NPN) { |
| 3097 SpawnedTestServer::SSLOptions server_options; | 3133 SpawnedTestServer::SSLOptions server_options; |
| 3098 server_options.npn_protocols.push_back(std::string("spdy/3.1")); | 3134 server_options.npn_protocols.push_back("spdy/3.1"); |
| 3099 server_options.npn_protocols.push_back(std::string("h2")); | 3135 server_options.npn_protocols.push_back("h2"); |
| 3100 ASSERT_TRUE(StartTestServer(server_options)); | 3136 ASSERT_TRUE(StartTestServer(server_options)); |
| 3101 | 3137 |
| 3102 SSLConfig client_config; | 3138 SSLConfig client_config; |
| 3103 client_config.npn_protos.push_back(kProtoHTTP2); | 3139 client_config.npn_protos.push_back(kProtoHTTP2); |
| 3104 client_config.npn_protos.push_back(kProtoHTTP11); | 3140 client_config.npn_protos.push_back(kProtoHTTP11); |
| 3105 | 3141 |
| 3106 int rv; | 3142 int rv; |
| 3107 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | 3143 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
| 3108 EXPECT_THAT(rv, IsOk()); | 3144 EXPECT_THAT(rv, IsOk()); |
| 3109 | 3145 |
| 3110 std::string proto; | 3146 std::string proto; |
| 3111 EXPECT_EQ(SSLClientSocket::kNextProtoNegotiated, sock_->GetNextProto(&proto)); | 3147 EXPECT_EQ(SSLClientSocket::kNextProtoNegotiated, sock_->GetNextProto(&proto)); |
| 3112 EXPECT_EQ("h2", proto); | 3148 EXPECT_EQ("h2", proto); |
| 3113 } | 3149 } |
| 3114 | 3150 |
| 3115 // If npn_protos.empty(), then NPN should be disabled, even if | 3151 // Server preference should win in ALPN. |
| 3116 // !alpn_protos.empty(). Tlslite does not support ALPN, therefore if NPN is | 3152 TEST_F(SSLClientSocketTest, Alpn) { |
| 3117 // disabled in the client, no protocol should be negotiated. | |
| 3118 TEST_F(SSLClientSocketTest, NPNClientDisabled) { | |
| 3119 SpawnedTestServer::SSLOptions server_options; | 3153 SpawnedTestServer::SSLOptions server_options; |
| 3120 server_options.npn_protocols.push_back(std::string("http/1.1")); | 3154 server_options.alpn_protocols.push_back("h2"); |
| 3155 server_options.alpn_protocols.push_back("http/1.1"); |
| 3121 ASSERT_TRUE(StartTestServer(server_options)); | 3156 ASSERT_TRUE(StartTestServer(server_options)); |
| 3122 | 3157 |
| 3123 SSLConfig client_config; | 3158 SSLConfig client_config; |
| 3124 client_config.alpn_protos.push_back(kProtoHTTP11); | 3159 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 3160 client_config.alpn_protos.push_back(kProtoHTTP2); |
| 3125 | 3161 |
| 3126 int rv; | 3162 int rv; |
| 3127 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | 3163 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
| 3164 EXPECT_THAT(rv, IsOk()); |
| 3165 |
| 3166 EXPECT_EQ(kProtoHTTP2, sock_->GetNegotiatedProtocol()); |
| 3167 } |
| 3168 |
| 3169 // If the server supports ALPN but the client does not, then ALPN is not used. |
| 3170 TEST_F(SSLClientSocketTest, AlpnClientDisabled) { |
| 3171 SpawnedTestServer::SSLOptions server_options; |
| 3172 server_options.alpn_protocols.push_back("foo"); |
| 3173 ASSERT_TRUE(StartTestServer(server_options)); |
| 3174 |
| 3175 SSLConfig client_config; |
| 3176 |
| 3177 int rv; |
| 3178 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
| 3128 EXPECT_THAT(rv, IsOk()); | 3179 EXPECT_THAT(rv, IsOk()); |
| 3129 | 3180 |
| 3130 std::string proto; | 3181 std::string proto; |
| 3131 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, | 3182 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, |
| 3132 sock_->GetNextProto(&proto)); | 3183 sock_->GetNextProto(&proto)); |
| 3133 } | 3184 } |
| 3134 | 3185 |
| 3135 TEST_F(SSLClientSocketTest, NPNServerDisabled) { | 3186 TEST_F(SSLClientSocketTest, NPNServerDisabled) { |
| 3136 SpawnedTestServer::SSLOptions server_options; | 3187 SpawnedTestServer::SSLOptions server_options; |
| 3137 ASSERT_TRUE(StartTestServer(server_options)); | 3188 ASSERT_TRUE(StartTestServer(server_options)); |
| (...skipping 280 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3418 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 3469 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 3419 | 3470 |
| 3420 EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN)); | 3471 EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN)); |
| 3421 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING); | 3472 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING); |
| 3422 EXPECT_TRUE(ssl_info.cert_status & | 3473 EXPECT_TRUE(ssl_info.cert_status & |
| 3423 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); | 3474 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); |
| 3424 EXPECT_TRUE(sock_->IsConnected()); | 3475 EXPECT_TRUE(sock_->IsConnected()); |
| 3425 } | 3476 } |
| 3426 | 3477 |
| 3427 } // namespace net | 3478 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2205433002:
Implement ALPN in tlslite. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master