| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 2549 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2560 | 2560 |
| 2561 SSLClientSocket::ClearSessionCache(); | 2561 SSLClientSocket::ClearSessionCache(); |
| 2562 | 2562 |
| 2563 // After clearing the session cache, the next handshake doesn't resume. | 2563 // After clearing the session cache, the next handshake doesn't resume. |
| 2564 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2564 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2565 ASSERT_THAT(rv, IsOk()); | 2565 ASSERT_THAT(rv, IsOk()); |
| 2566 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 2566 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 2567 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | 2567 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); |
| 2568 } | 2568 } |
| 2569 | 2569 |
| 2570 // Tests that ALPN works with session resumption. |
| 2571 TEST_F(SSLClientSocketTest, SessionResumptionAlpn) { |
| 2572 SpawnedTestServer::SSLOptions ssl_options; |
| 2573 ssl_options.alpn_protocols.push_back("h2"); |
| 2574 ssl_options.alpn_protocols.push_back("http/1.1"); |
| 2575 ASSERT_TRUE(StartTestServer(ssl_options)); |
| 2576 |
| 2577 // First, perform a full handshake. |
| 2578 SSLConfig ssl_config; |
| 2579 // Disable TLS False Start to ensure the handshake has completed. |
| 2580 ssl_config.false_start_enabled = false; |
| 2581 ssl_config.alpn_protos.push_back(kProtoHTTP2); |
| 2582 int rv; |
| 2583 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2584 ASSERT_THAT(rv, IsOk()); |
| 2585 SSLInfo ssl_info; |
| 2586 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 2587 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); |
| 2588 EXPECT_EQ(kProtoHTTP2, sock_->GetNegotiatedProtocol()); |
| 2589 |
| 2590 // The next connection should resume; ALPN should be renegotiated. |
| 2591 ssl_config.alpn_protos.clear(); |
| 2592 ssl_config.alpn_protos.push_back(kProtoHTTP11); |
| 2593 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2594 ASSERT_THAT(rv, IsOk()); |
| 2595 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 2596 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); |
| 2597 EXPECT_EQ(kProtoHTTP11, sock_->GetNegotiatedProtocol()); |
| 2598 } |
| 2599 |
| 2570 // Tests that connections with certificate errors do not add entries to the | 2600 // Tests that connections with certificate errors do not add entries to the |
| 2571 // session cache. | 2601 // session cache. |
| 2572 TEST_F(SSLClientSocketTest, CertificateErrorNoResume) { | 2602 TEST_F(SSLClientSocketTest, CertificateErrorNoResume) { |
| 2573 SpawnedTestServer::SSLOptions ssl_options; | 2603 SpawnedTestServer::SSLOptions ssl_options; |
| 2574 ASSERT_TRUE(StartTestServer(ssl_options)); | 2604 ASSERT_TRUE(StartTestServer(ssl_options)); |
| 2575 | 2605 |
| 2576 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID); | 2606 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID); |
| 2577 | 2607 |
| 2578 SSLConfig ssl_config; | 2608 SSLConfig ssl_config; |
| 2579 int rv; | 2609 int rv; |
| (...skipping 199 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2779 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256); | 2809 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256); |
| 2780 | 2810 |
| 2781 int rv; | 2811 int rv; |
| 2782 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2812 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2783 EXPECT_THAT(rv, IsOk()); | 2813 EXPECT_THAT(rv, IsOk()); |
| 2784 SSLInfo info; | 2814 SSLInfo info; |
| 2785 EXPECT_TRUE(sock_->GetSSLInfo(&info)); | 2815 EXPECT_TRUE(sock_->GetSSLInfo(&info)); |
| 2786 EXPECT_FALSE(info.token_binding_negotiated); | 2816 EXPECT_FALSE(info.token_binding_negotiated); |
| 2787 } | 2817 } |
| 2788 | 2818 |
| 2789 // In tests requiring NPN, client_config.alpn_protos and | 2819 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabledWithNPN) { |
| 2790 // client_config.npn_protos both need to be set when using NSS, otherwise NPN is | 2820 // False Start requires ALPN or NPN, and ECDHE, and an AEAD. |
| 2791 // disabled due to quirks of the implementation. | |
| 2792 | |
| 2793 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { | |
| 2794 // False Start requires NPN/ALPN, ECDHE, and an AEAD. | |
| 2795 SpawnedTestServer::SSLOptions server_options; | 2821 SpawnedTestServer::SSLOptions server_options; |
| 2796 server_options.key_exchanges = | 2822 server_options.key_exchanges = |
| 2797 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2823 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2798 server_options.bulk_ciphers = | 2824 server_options.bulk_ciphers = |
| 2799 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2825 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2800 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2826 server_options.npn_protocols.push_back("http/1.1"); |
| 2801 SSLConfig client_config; | 2827 SSLConfig client_config; |
| 2802 client_config.npn_protos.push_back(kProtoHTTP11); | 2828 client_config.npn_protos.push_back(kProtoHTTP11); |
| 2803 ASSERT_NO_FATAL_FAILURE( | 2829 ASSERT_NO_FATAL_FAILURE( |
| 2804 TestFalseStart(server_options, client_config, true)); | 2830 TestFalseStart(server_options, client_config, true)); |
| 2805 } | 2831 } |
| 2806 | 2832 |
| 2807 // Test that False Start is disabled without NPN. | 2833 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabledWithALPN) { |
| 2808 TEST_F(SSLClientSocketFalseStartTest, NoNPN) { | 2834 // False Start requires ALPN or NPN, and ECDHE, and an AEAD. |
| 2809 SpawnedTestServer::SSLOptions server_options; | 2835 SpawnedTestServer::SSLOptions server_options; |
| 2810 server_options.key_exchanges = | 2836 server_options.key_exchanges = |
| 2811 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2837 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2838 server_options.bulk_ciphers = |
| 2839 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2840 server_options.alpn_protocols.push_back("http/1.1"); |
| 2841 SSLConfig client_config; |
| 2842 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 2843 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, true)); |
| 2844 } |
| 2845 |
| 2846 // Test that False Start is disabled without either ALPN or NPN. |
| 2847 TEST_F(SSLClientSocketFalseStartTest, NoAlpnAndNoNpn) { |
| 2848 SpawnedTestServer::SSLOptions server_options; |
| 2849 server_options.key_exchanges = |
| 2850 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2812 server_options.bulk_ciphers = | 2851 server_options.bulk_ciphers = |
| 2813 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2852 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2814 SSLConfig client_config; | 2853 SSLConfig client_config; |
| 2815 client_config.alpn_protos.clear(); | 2854 client_config.alpn_protos.clear(); |
| 2816 client_config.npn_protos.clear(); | 2855 client_config.npn_protos.clear(); |
| 2817 ASSERT_NO_FATAL_FAILURE( | 2856 ASSERT_NO_FATAL_FAILURE( |
| 2818 TestFalseStart(server_options, client_config, false)); | 2857 TestFalseStart(server_options, client_config, false)); |
| 2819 } | 2858 } |
| 2820 | 2859 |
| 2821 // Test that False Start is disabled with plain RSA ciphers. | 2860 // Test that False Start is disabled with plain RSA ciphers. |
| 2822 TEST_F(SSLClientSocketFalseStartTest, RSA) { | 2861 TEST_F(SSLClientSocketFalseStartTest, RSA) { |
| 2823 SpawnedTestServer::SSLOptions server_options; | 2862 SpawnedTestServer::SSLOptions server_options; |
| 2824 server_options.key_exchanges = | 2863 server_options.key_exchanges = |
| 2825 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; | 2864 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; |
| 2826 server_options.bulk_ciphers = | 2865 server_options.bulk_ciphers = |
| 2827 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2866 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2828 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2867 server_options.alpn_protocols.push_back("http/1.1"); |
| 2829 SSLConfig client_config; | 2868 SSLConfig client_config; |
| 2830 client_config.npn_protos.push_back(kProtoHTTP11); | 2869 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 2831 ASSERT_NO_FATAL_FAILURE( | 2870 ASSERT_NO_FATAL_FAILURE( |
| 2832 TestFalseStart(server_options, client_config, false)); | 2871 TestFalseStart(server_options, client_config, false)); |
| 2833 } | 2872 } |
| 2834 | 2873 |
| 2835 // Test that False Start is disabled with DHE_RSA ciphers. | 2874 // Test that False Start is disabled with DHE_RSA ciphers. |
| 2836 TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) { | 2875 TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) { |
| 2837 SpawnedTestServer::SSLOptions server_options; | 2876 SpawnedTestServer::SSLOptions server_options; |
| 2838 server_options.key_exchanges = | 2877 server_options.key_exchanges = |
| 2839 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2878 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| 2840 server_options.bulk_ciphers = | 2879 server_options.bulk_ciphers = |
| 2841 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2880 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2842 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2881 server_options.alpn_protocols.push_back("http/1.1"); |
| 2843 SSLConfig client_config; | 2882 SSLConfig client_config; |
| 2844 client_config.npn_protos.push_back(kProtoHTTP11); | 2883 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 2845 // DHE is only advertised when deprecated ciphers are enabled. | 2884 // DHE is only advertised when deprecated ciphers are enabled. |
| 2846 client_config.deprecated_cipher_suites_enabled = true; | 2885 client_config.deprecated_cipher_suites_enabled = true; |
| 2847 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); | 2886 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); |
| 2848 } | 2887 } |
| 2849 | 2888 |
| 2850 // Test that False Start is disabled without an AEAD. | 2889 // Test that False Start is disabled without an AEAD. |
| 2851 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { | 2890 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { |
| 2852 SpawnedTestServer::SSLOptions server_options; | 2891 SpawnedTestServer::SSLOptions server_options; |
| 2853 server_options.key_exchanges = | 2892 server_options.key_exchanges = |
| 2854 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2893 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2855 server_options.bulk_ciphers = | 2894 server_options.bulk_ciphers = |
| 2856 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; | 2895 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; |
| 2857 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2896 server_options.alpn_protocols.push_back("http/1.1"); |
| 2858 SSLConfig client_config; | 2897 SSLConfig client_config; |
| 2859 client_config.npn_protos.push_back(kProtoHTTP11); | 2898 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 2860 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); | 2899 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); |
| 2861 } | 2900 } |
| 2862 | 2901 |
| 2863 // Test that sessions are resumable after receiving the server Finished message. | 2902 // Test that sessions are resumable after receiving the server Finished message. |
| 2864 TEST_F(SSLClientSocketFalseStartTest, SessionResumption) { | 2903 TEST_F(SSLClientSocketFalseStartTest, SessionResumption) { |
| 2865 // Start a server. | 2904 // Start a server. |
| 2866 SpawnedTestServer::SSLOptions server_options; | 2905 SpawnedTestServer::SSLOptions server_options; |
| 2867 server_options.key_exchanges = | 2906 server_options.key_exchanges = |
| 2868 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2907 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2869 server_options.bulk_ciphers = | 2908 server_options.bulk_ciphers = |
| 2870 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2909 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2871 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2910 server_options.alpn_protocols.push_back("http/1.1"); |
| 2872 SSLConfig client_config; | 2911 SSLConfig client_config; |
| 2873 client_config.npn_protos.push_back(kProtoHTTP11); | 2912 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 2874 | 2913 |
| 2875 // Let a full handshake complete with False Start. | 2914 // Let a full handshake complete with False Start. |
| 2876 ASSERT_NO_FATAL_FAILURE( | 2915 ASSERT_NO_FATAL_FAILURE( |
| 2877 TestFalseStart(server_options, client_config, true)); | 2916 TestFalseStart(server_options, client_config, true)); |
| 2878 | 2917 |
| 2879 // Make a second connection. | 2918 // Make a second connection. |
| 2880 int rv; | 2919 int rv; |
| 2881 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | 2920 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
| 2882 EXPECT_THAT(rv, IsOk()); | 2921 EXPECT_THAT(rv, IsOk()); |
| 2883 | 2922 |
| 2884 // It should resume the session. | 2923 // It should resume the session. |
| 2885 SSLInfo ssl_info; | 2924 SSLInfo ssl_info; |
| 2886 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 2925 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 2887 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); | 2926 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); |
| 2888 } | 2927 } |
| 2889 | 2928 |
| 2890 // Test that False Started sessions are not resumable before receiving the | 2929 // Test that False Started sessions are not resumable before receiving the |
| 2891 // server Finished message. | 2930 // server Finished message. |
| 2892 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinished) { | 2931 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinished) { |
| 2893 // Start a server. | 2932 // Start a server. |
| 2894 SpawnedTestServer::SSLOptions server_options; | 2933 SpawnedTestServer::SSLOptions server_options; |
| 2895 server_options.key_exchanges = | 2934 server_options.key_exchanges = |
| 2896 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2935 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2897 server_options.bulk_ciphers = | 2936 server_options.bulk_ciphers = |
| 2898 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2937 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2899 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2938 server_options.alpn_protocols.push_back("http/1.1"); |
| 2900 ASSERT_TRUE(StartTestServer(server_options)); | 2939 ASSERT_TRUE(StartTestServer(server_options)); |
| 2901 | 2940 |
| 2902 SSLConfig client_config; | 2941 SSLConfig client_config; |
| 2903 client_config.npn_protos.push_back(kProtoHTTP11); | 2942 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 2904 | 2943 |
| 2905 // Start a handshake up to the server Finished message. | 2944 // Start a handshake up to the server Finished message. |
| 2906 TestCompletionCallback callback; | 2945 TestCompletionCallback callback; |
| 2907 FakeBlockingStreamSocket* raw_transport1 = NULL; | 2946 FakeBlockingStreamSocket* raw_transport1 = NULL; |
| 2908 std::unique_ptr<SSLClientSocket> sock1; | 2947 std::unique_ptr<SSLClientSocket> sock1; |
| 2909 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived( | 2948 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived( |
| 2910 client_config, &callback, &raw_transport1, &sock1)); | 2949 client_config, &callback, &raw_transport1, &sock1)); |
| 2911 // Although raw_transport1 has the server Finished blocked, the handshake | 2950 // Although raw_transport1 has the server Finished blocked, the handshake |
| 2912 // still completes. | 2951 // still completes. |
| 2913 EXPECT_THAT(callback.WaitForResult(), IsOk()); | 2952 EXPECT_THAT(callback.WaitForResult(), IsOk()); |
| (...skipping 29 matching lines...) Expand all Loading... |
| 2943 | 2982 |
| 2944 // Test that False Started sessions are not resumable if the server Finished | 2983 // Test that False Started sessions are not resumable if the server Finished |
| 2945 // message was bad. | 2984 // message was bad. |
| 2946 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBadFinished) { | 2985 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBadFinished) { |
| 2947 // Start a server. | 2986 // Start a server. |
| 2948 SpawnedTestServer::SSLOptions server_options; | 2987 SpawnedTestServer::SSLOptions server_options; |
| 2949 server_options.key_exchanges = | 2988 server_options.key_exchanges = |
| 2950 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2989 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2951 server_options.bulk_ciphers = | 2990 server_options.bulk_ciphers = |
| 2952 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2991 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2953 server_options.npn_protocols.push_back(std::string("http/1.1")); | 2992 server_options.alpn_protocols.push_back("http/1.1"); |
| 2954 ASSERT_TRUE(StartTestServer(server_options)); | 2993 ASSERT_TRUE(StartTestServer(server_options)); |
| 2955 | 2994 |
| 2956 SSLConfig client_config; | 2995 SSLConfig client_config; |
| 2957 client_config.npn_protos.push_back(kProtoHTTP11); | 2996 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 2958 | 2997 |
| 2959 // Start a handshake up to the server Finished message. | 2998 // Start a handshake up to the server Finished message. |
| 2960 TestCompletionCallback callback; | 2999 TestCompletionCallback callback; |
| 2961 FakeBlockingStreamSocket* raw_transport1 = NULL; | 3000 FakeBlockingStreamSocket* raw_transport1 = NULL; |
| 2962 std::unique_ptr<SSLClientSocket> sock1; | 3001 std::unique_ptr<SSLClientSocket> sock1; |
| 2963 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived( | 3002 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived( |
| 2964 client_config, &callback, &raw_transport1, &sock1)); | 3003 client_config, &callback, &raw_transport1, &sock1)); |
| 2965 // Although raw_transport1 has the server Finished blocked, the handshake | 3004 // Although raw_transport1 has the server Finished blocked, the handshake |
| 2966 // still completes. | 3005 // still completes. |
| 2967 EXPECT_THAT(callback.WaitForResult(), IsOk()); | 3006 EXPECT_THAT(callback.WaitForResult(), IsOk()); |
| (...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3088 // Channel ID. | 3127 // Channel ID. |
| 3089 ssl_config.channel_id_enabled = true; | 3128 ssl_config.channel_id_enabled = true; |
| 3090 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 3129 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 3091 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 3130 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 3092 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | 3131 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); |
| 3093 EXPECT_TRUE(ssl_info.channel_id_sent); | 3132 EXPECT_TRUE(ssl_info.channel_id_sent); |
| 3094 } | 3133 } |
| 3095 | 3134 |
| 3096 TEST_F(SSLClientSocketTest, NPN) { | 3135 TEST_F(SSLClientSocketTest, NPN) { |
| 3097 SpawnedTestServer::SSLOptions server_options; | 3136 SpawnedTestServer::SSLOptions server_options; |
| 3098 server_options.npn_protocols.push_back(std::string("spdy/3.1")); | 3137 server_options.npn_protocols.push_back("spdy/3.1"); |
| 3099 server_options.npn_protocols.push_back(std::string("h2")); | 3138 server_options.npn_protocols.push_back("h2"); |
| 3100 ASSERT_TRUE(StartTestServer(server_options)); | 3139 ASSERT_TRUE(StartTestServer(server_options)); |
| 3101 | 3140 |
| 3102 SSLConfig client_config; | 3141 SSLConfig client_config; |
| 3103 client_config.npn_protos.push_back(kProtoHTTP2); | 3142 client_config.npn_protos.push_back(kProtoHTTP2); |
| 3104 client_config.npn_protos.push_back(kProtoHTTP11); | 3143 client_config.npn_protos.push_back(kProtoHTTP11); |
| 3105 | 3144 |
| 3106 int rv; | 3145 int rv; |
| 3107 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | 3146 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
| 3108 EXPECT_THAT(rv, IsOk()); | 3147 EXPECT_THAT(rv, IsOk()); |
| 3109 | 3148 |
| 3110 std::string proto; | 3149 std::string proto; |
| 3111 EXPECT_EQ(SSLClientSocket::kNextProtoNegotiated, sock_->GetNextProto(&proto)); | 3150 EXPECT_EQ(SSLClientSocket::kNextProtoNegotiated, sock_->GetNextProto(&proto)); |
| 3112 EXPECT_EQ("h2", proto); | 3151 EXPECT_EQ("h2", proto); |
| 3113 } | 3152 } |
| 3114 | 3153 |
| 3115 // If npn_protos.empty(), then NPN should be disabled, even if | 3154 // Server preference should win in ALPN. |
| 3116 // !alpn_protos.empty(). Tlslite does not support ALPN, therefore if NPN is | 3155 TEST_F(SSLClientSocketTest, Alpn) { |
| 3117 // disabled in the client, no protocol should be negotiated. | |
| 3118 TEST_F(SSLClientSocketTest, NPNClientDisabled) { | |
| 3119 SpawnedTestServer::SSLOptions server_options; | 3156 SpawnedTestServer::SSLOptions server_options; |
| 3120 server_options.npn_protocols.push_back(std::string("http/1.1")); | 3157 server_options.alpn_protocols.push_back("h2"); |
| 3158 server_options.alpn_protocols.push_back("http/1.1"); |
| 3121 ASSERT_TRUE(StartTestServer(server_options)); | 3159 ASSERT_TRUE(StartTestServer(server_options)); |
| 3122 | 3160 |
| 3123 SSLConfig client_config; | 3161 SSLConfig client_config; |
| 3124 client_config.alpn_protos.push_back(kProtoHTTP11); | 3162 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 3163 client_config.alpn_protos.push_back(kProtoHTTP2); |
| 3125 | 3164 |
| 3126 int rv; | 3165 int rv; |
| 3127 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | 3166 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
| 3167 EXPECT_THAT(rv, IsOk()); |
| 3168 |
| 3169 EXPECT_EQ(kProtoHTTP2, sock_->GetNegotiatedProtocol()); |
| 3170 } |
| 3171 |
| 3172 // If the server supports ALPN but the client does not, then ALPN is not used. |
| 3173 TEST_F(SSLClientSocketTest, AlpnClientDisabled) { |
| 3174 SpawnedTestServer::SSLOptions server_options; |
| 3175 server_options.alpn_protocols.push_back("foo"); |
| 3176 ASSERT_TRUE(StartTestServer(server_options)); |
| 3177 |
| 3178 SSLConfig client_config; |
| 3179 |
| 3180 int rv; |
| 3181 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
| 3128 EXPECT_THAT(rv, IsOk()); | 3182 EXPECT_THAT(rv, IsOk()); |
| 3129 | 3183 |
| 3130 std::string proto; | 3184 std::string proto; |
| 3131 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, | 3185 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, |
| 3132 sock_->GetNextProto(&proto)); | 3186 sock_->GetNextProto(&proto)); |
| 3133 } | 3187 } |
| 3134 | 3188 |
| 3135 TEST_F(SSLClientSocketTest, NPNServerDisabled) { | 3189 TEST_F(SSLClientSocketTest, NPNServerDisabled) { |
| 3136 SpawnedTestServer::SSLOptions server_options; | 3190 SpawnedTestServer::SSLOptions server_options; |
| 3137 ASSERT_TRUE(StartTestServer(server_options)); | 3191 ASSERT_TRUE(StartTestServer(server_options)); |
| (...skipping 280 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3418 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 3472 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 3419 | 3473 |
| 3420 EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN)); | 3474 EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN)); |
| 3421 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING); | 3475 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING); |
| 3422 EXPECT_TRUE(ssl_info.cert_status & | 3476 EXPECT_TRUE(ssl_info.cert_status & |
| 3423 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); | 3477 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); |
| 3424 EXPECT_TRUE(sock_->IsConnected()); | 3478 EXPECT_TRUE(sock_->IsConnected()); |
| 3425 } | 3479 } |
| 3426 | 3480 |
| 3427 } // namespace net | 3481 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2205433002:
Implement ALPN in tlslite. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master