Chromium Code Reviews Chromium Code Reviews
Issue 2205433002:
Implement ALPN in tlslite. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/socket/ssl_client_socket_unittest.cc |
| diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc |
| index 06a241e4c920aadac62af434aebdda63f965ab36..c0e6b60c83da0793dd502a77a585c3f1f951e6ba 100644 |
| --- a/net/socket/ssl_client_socket_unittest.cc |
| +++ b/net/socket/ssl_client_socket_unittest.cc |
| @@ -2786,26 +2786,35 @@ TEST_F(SSLClientSocketTest, TokenBindingEnabledWithoutServerSupport) { |
| EXPECT_FALSE(info.token_binding_negotiated); |
| } |
| -// In tests requiring NPN, client_config.alpn_protos and |
| -// client_config.npn_protos both need to be set when using NSS, otherwise NPN is |
| -// disabled due to quirks of the implementation. |
| - |
| -TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { |
| - // False Start requires NPN/ALPN, ECDHE, and an AEAD. |
| +TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabledWithNPN) { |
| + // False Start requires ALPN or NPN, and ECDHE, and an AEAD. |
| SpawnedTestServer::SSLOptions server_options; |
| server_options.key_exchanges = |
| SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| server_options.bulk_ciphers = |
| SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| - server_options.npn_protocols.push_back(std::string("http/1.1")); |
| + server_options.npn_protocols.push_back("http/1.1"); |
| SSLConfig client_config; |
| client_config.npn_protos.push_back(kProtoHTTP11); |
| ASSERT_NO_FATAL_FAILURE( |
| TestFalseStart(server_options, client_config, true)); |
| } |
| -// Test that False Start is disabled without NPN. |
| -TEST_F(SSLClientSocketFalseStartTest, NoNPN) { |
| +TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabledWithALPN) { |
| + // False Start requires ALPN or NPN, and ECDHE, and an AEAD. |
| + SpawnedTestServer::SSLOptions server_options; |
| + server_options.key_exchanges = |
| + SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| + server_options.bulk_ciphers = |
| + SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| + server_options.alpn_protocols.push_back("http/1.1"); |
| + SSLConfig client_config; |
| + client_config.alpn_protos.push_back(kProtoHTTP11); |
| + ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, true)); |
| +} |
| + |
| +// Test that False Start is disabled without either ALPN or NPN. |
| +TEST_F(SSLClientSocketFalseStartTest, NoAlpnAndNoNpn) { |
| SpawnedTestServer::SSLOptions server_options; |
| server_options.key_exchanges = |
| SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| @@ -2825,9 +2834,9 @@ TEST_F(SSLClientSocketFalseStartTest, RSA) { |
| SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; |
| server_options.bulk_ciphers = |
| SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| - server_options.npn_protocols.push_back(std::string("http/1.1")); |
| + server_options.alpn_protocols.push_back("http/1.1"); |
| SSLConfig client_config; |
| - client_config.npn_protos.push_back(kProtoHTTP11); |
| + client_config.alpn_protos.push_back(kProtoHTTP11); |
| ASSERT_NO_FATAL_FAILURE( |
| TestFalseStart(server_options, client_config, false)); |
| } |
| @@ -2839,9 +2848,9 @@ TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) { |
| SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| server_options.bulk_ciphers = |
| SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| - server_options.npn_protocols.push_back(std::string("http/1.1")); |
| + server_options.alpn_protocols.push_back("http/1.1"); |
| SSLConfig client_config; |
| - client_config.npn_protos.push_back(kProtoHTTP11); |
| + client_config.alpn_protos.push_back(kProtoHTTP11); |
| // DHE is only advertised when deprecated ciphers are enabled. |
| client_config.deprecated_cipher_suites_enabled = true; |
| ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); |
| @@ -2854,9 +2863,9 @@ TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { |
| SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| server_options.bulk_ciphers = |
| SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; |
| - server_options.npn_protocols.push_back(std::string("http/1.1")); |
| + server_options.alpn_protocols.push_back("http/1.1"); |
| SSLConfig client_config; |
| - client_config.npn_protos.push_back(kProtoHTTP11); |
| + client_config.alpn_protos.push_back(kProtoHTTP11); |
| ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); |
| } |
| @@ -2868,9 +2877,9 @@ TEST_F(SSLClientSocketFalseStartTest, SessionResumption) { |
| SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| server_options.bulk_ciphers = |
| SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| - server_options.npn_protocols.push_back(std::string("http/1.1")); |
| + server_options.alpn_protocols.push_back("http/1.1"); |
| SSLConfig client_config; |
| - client_config.npn_protos.push_back(kProtoHTTP11); |
| + client_config.alpn_protos.push_back(kProtoHTTP11); |
| // Let a full handshake complete with False Start. |
| ASSERT_NO_FATAL_FAILURE( |
| @@ -2896,11 +2905,11 @@ TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinished) { |
| SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| server_options.bulk_ciphers = |
| SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| - server_options.npn_protocols.push_back(std::string("http/1.1")); |
| + server_options.alpn_protocols.push_back("http/1.1"); |
| ASSERT_TRUE(StartTestServer(server_options)); |
| SSLConfig client_config; |
| - client_config.npn_protos.push_back(kProtoHTTP11); |
| + client_config.alpn_protos.push_back(kProtoHTTP11); |
| // Start a handshake up to the server Finished message. |
| TestCompletionCallback callback; |
| @@ -2950,11 +2959,11 @@ TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBadFinished) { |
| SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| server_options.bulk_ciphers = |
| SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| - server_options.npn_protocols.push_back(std::string("http/1.1")); |
| + server_options.alpn_protocols.push_back("http/1.1"); |
| ASSERT_TRUE(StartTestServer(server_options)); |
| SSLConfig client_config; |
| - client_config.npn_protos.push_back(kProtoHTTP11); |
| + client_config.alpn_protos.push_back(kProtoHTTP11); |
| // Start a handshake up to the server Finished message. |
| TestCompletionCallback callback; |
| @@ -3095,8 +3104,8 @@ TEST_F(SSLClientSocketChannelIDTest, ChannelIDShardSessionCache) { |
| TEST_F(SSLClientSocketTest, NPN) { |
| SpawnedTestServer::SSLOptions server_options; |
| - server_options.npn_protocols.push_back(std::string("spdy/3.1")); |
| - server_options.npn_protocols.push_back(std::string("h2")); |
| + server_options.npn_protocols.push_back("spdy/3.1"); |
| + server_options.npn_protocols.push_back("h2"); |
| ASSERT_TRUE(StartTestServer(server_options)); |
| SSLConfig client_config; |
| @@ -3112,16 +3121,32 @@ TEST_F(SSLClientSocketTest, NPN) { |
| EXPECT_EQ("h2", proto); |
| } |
| -// If npn_protos.empty(), then NPN should be disabled, even if |
| -// !alpn_protos.empty(). Tlslite does not support ALPN, therefore if NPN is |
| -// disabled in the client, no protocol should be negotiated. |
| -TEST_F(SSLClientSocketTest, NPNClientDisabled) { |
| +// Server preference SHOULD win in ALPN. |
|
davidben
2016/08/03 23:34:22
SHOULD -> should
Bence
2016/08/04 18:41:44
Done.
|
| +TEST_F(SSLClientSocketTest, Alpn) { |
| SpawnedTestServer::SSLOptions server_options; |
| - server_options.npn_protocols.push_back(std::string("http/1.1")); |
| + server_options.alpn_protocols.push_back("h2"); |
| + server_options.alpn_protocols.push_back("http/1.1"); |
| ASSERT_TRUE(StartTestServer(server_options)); |
| SSLConfig client_config; |
| client_config.alpn_protos.push_back(kProtoHTTP11); |
| + client_config.alpn_protos.push_back(kProtoHTTP2); |
| + |
| + int rv; |
| + ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
| + EXPECT_THAT(rv, IsOk()); |
| + |
| + std::string proto; |
| + EXPECT_EQ(kProtoHTTP2, sock_->GetNegotiatedProtocol()); |
| +} |
| + |
| +// If the server supports ALPN but the client does not, then ALPN is not used. |
| +TEST_F(SSLClientSocketTest, AlpnClientDisabled) { |
| + SpawnedTestServer::SSLOptions server_options; |
| + server_options.alpn_protocols.push_back("foo"); |
| + ASSERT_TRUE(StartTestServer(server_options)); |
| + |
| + SSLConfig client_config; |
| int rv; |
| ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
