| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 2802 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2813 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256); | 2813 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256); |
| 2814 | 2814 |
| 2815 int rv; | 2815 int rv; |
| 2816 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2816 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2817 EXPECT_THAT(rv, IsOk()); | 2817 EXPECT_THAT(rv, IsOk()); |
| 2818 SSLInfo info; | 2818 SSLInfo info; |
| 2819 EXPECT_TRUE(sock_->GetSSLInfo(&info)); | 2819 EXPECT_TRUE(sock_->GetSSLInfo(&info)); |
| 2820 EXPECT_FALSE(info.token_binding_negotiated); | 2820 EXPECT_FALSE(info.token_binding_negotiated); |
| 2821 } | 2821 } |
| 2822 | 2822 |
| 2823 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabledWithNPN) { | 2823 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { |
| 2824 // False Start requires ALPN or NPN, and ECDHE, and an AEAD. | 2824 // False Start requires ALPN, ECDHE, and an AEAD. |
| 2825 SpawnedTestServer::SSLOptions server_options; | 2825 SpawnedTestServer::SSLOptions server_options; |
| 2826 server_options.key_exchanges = | 2826 server_options.key_exchanges = |
| 2827 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2827 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2828 server_options.bulk_ciphers = | |
| 2829 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | |
| 2830 server_options.npn_protocols.push_back("http/1.1"); | |
| 2831 SSLConfig client_config; | |
| 2832 client_config.npn_protos.push_back(kProtoHTTP11); | |
| 2833 ASSERT_NO_FATAL_FAILURE( | |
| 2834 TestFalseStart(server_options, client_config, true)); | |
| 2835 } | |
| 2836 | |
| 2837 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabledWithALPN) { | |
| 2838 // False Start requires ALPN or NPN, and ECDHE, and an AEAD. | |
| 2839 SpawnedTestServer::SSLOptions server_options; | |
| 2840 server_options.key_exchanges = | |
| 2841 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | |
| 2842 server_options.bulk_ciphers = | 2828 server_options.bulk_ciphers = |
| 2843 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2829 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2844 server_options.alpn_protocols.push_back("http/1.1"); | 2830 server_options.alpn_protocols.push_back("http/1.1"); |
| 2845 SSLConfig client_config; | 2831 SSLConfig client_config; |
| 2846 client_config.alpn_protos.push_back(kProtoHTTP11); | 2832 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 2847 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, true)); | 2833 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, true)); |
| 2848 } | 2834 } |
| 2849 | 2835 |
| 2850 // Test that False Start is disabled without either ALPN or NPN. | 2836 // Test that False Start is disabled without ALPN. |
| 2851 TEST_F(SSLClientSocketFalseStartTest, NoAlpnAndNoNpn) { | 2837 TEST_F(SSLClientSocketFalseStartTest, NoAlpn) { |
| 2852 SpawnedTestServer::SSLOptions server_options; | 2838 SpawnedTestServer::SSLOptions server_options; |
| 2853 server_options.key_exchanges = | 2839 server_options.key_exchanges = |
| 2854 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2840 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2855 server_options.bulk_ciphers = | 2841 server_options.bulk_ciphers = |
| 2856 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2842 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2857 SSLConfig client_config; | 2843 SSLConfig client_config; |
| 2858 client_config.alpn_protos.clear(); | 2844 client_config.alpn_protos.clear(); |
| 2859 client_config.npn_protos.clear(); | |
| 2860 ASSERT_NO_FATAL_FAILURE( | 2845 ASSERT_NO_FATAL_FAILURE( |
| 2861 TestFalseStart(server_options, client_config, false)); | 2846 TestFalseStart(server_options, client_config, false)); |
| 2862 } | 2847 } |
| 2863 | 2848 |
| 2864 // Test that False Start is disabled with plain RSA ciphers. | 2849 // Test that False Start is disabled with plain RSA ciphers. |
| 2865 TEST_F(SSLClientSocketFalseStartTest, RSA) { | 2850 TEST_F(SSLClientSocketFalseStartTest, RSA) { |
| 2866 SpawnedTestServer::SSLOptions server_options; | 2851 SpawnedTestServer::SSLOptions server_options; |
| 2867 server_options.key_exchanges = | 2852 server_options.key_exchanges = |
| 2868 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; | 2853 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; |
| 2869 server_options.bulk_ciphers = | 2854 server_options.bulk_ciphers = |
| (...skipping 259 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3129 | 3114 |
| 3130 // Enable Channel ID and connect again. This needs a full handshake to assert | 3115 // Enable Channel ID and connect again. This needs a full handshake to assert |
| 3131 // Channel ID. | 3116 // Channel ID. |
| 3132 ssl_config.channel_id_enabled = true; | 3117 ssl_config.channel_id_enabled = true; |
| 3133 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 3118 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 3134 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 3119 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 3135 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | 3120 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); |
| 3136 EXPECT_TRUE(ssl_info.channel_id_sent); | 3121 EXPECT_TRUE(ssl_info.channel_id_sent); |
| 3137 } | 3122 } |
| 3138 | 3123 |
| 3139 TEST_F(SSLClientSocketTest, NPN) { | |
| 3140 SpawnedTestServer::SSLOptions server_options; | |
| 3141 server_options.npn_protocols.push_back("spdy/3.1"); | |
| 3142 server_options.npn_protocols.push_back("h2"); | |
| 3143 ASSERT_TRUE(StartTestServer(server_options)); | |
| 3144 | |
| 3145 SSLConfig client_config; | |
| 3146 client_config.npn_protos.push_back(kProtoHTTP2); | |
| 3147 client_config.npn_protos.push_back(kProtoHTTP11); | |
| 3148 | |
| 3149 int rv; | |
| 3150 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | |
| 3151 EXPECT_THAT(rv, IsOk()); | |
| 3152 | |
| 3153 EXPECT_EQ(kProtoHTTP2, sock_->GetNegotiatedProtocol()); | |
| 3154 } | |
| 3155 | |
| 3156 // Server preference should win in ALPN. | 3124 // Server preference should win in ALPN. |
| 3157 TEST_F(SSLClientSocketTest, Alpn) { | 3125 TEST_F(SSLClientSocketTest, Alpn) { |
| 3158 SpawnedTestServer::SSLOptions server_options; | 3126 SpawnedTestServer::SSLOptions server_options; |
| 3159 server_options.alpn_protocols.push_back("h2"); | 3127 server_options.alpn_protocols.push_back("h2"); |
| 3160 server_options.alpn_protocols.push_back("http/1.1"); | 3128 server_options.alpn_protocols.push_back("http/1.1"); |
| 3161 ASSERT_TRUE(StartTestServer(server_options)); | 3129 ASSERT_TRUE(StartTestServer(server_options)); |
| 3162 | 3130 |
| 3163 SSLConfig client_config; | 3131 SSLConfig client_config; |
| 3164 client_config.alpn_protos.push_back(kProtoHTTP11); | 3132 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 3165 client_config.alpn_protos.push_back(kProtoHTTP2); | 3133 client_config.alpn_protos.push_back(kProtoHTTP2); |
| (...skipping 13 matching lines...) Expand all Loading... |
| 3179 | 3147 |
| 3180 SSLConfig client_config; | 3148 SSLConfig client_config; |
| 3181 | 3149 |
| 3182 int rv; | 3150 int rv; |
| 3183 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | 3151 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
| 3184 EXPECT_THAT(rv, IsOk()); | 3152 EXPECT_THAT(rv, IsOk()); |
| 3185 | 3153 |
| 3186 EXPECT_EQ(kProtoUnknown, sock_->GetNegotiatedProtocol()); | 3154 EXPECT_EQ(kProtoUnknown, sock_->GetNegotiatedProtocol()); |
| 3187 } | 3155 } |
| 3188 | 3156 |
| 3189 TEST_F(SSLClientSocketTest, NPNServerDisabled) { | |
| 3190 SpawnedTestServer::SSLOptions server_options; | |
| 3191 ASSERT_TRUE(StartTestServer(server_options)); | |
| 3192 | |
| 3193 SSLConfig client_config; | |
| 3194 client_config.npn_protos.push_back(kProtoHTTP11); | |
| 3195 | |
| 3196 int rv; | |
| 3197 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | |
| 3198 EXPECT_THAT(rv, IsOk()); | |
| 3199 | |
| 3200 EXPECT_EQ(kProtoUnknown, sock_->GetNegotiatedProtocol()); | |
| 3201 } | |
| 3202 | |
| 3203 namespace { | 3157 namespace { |
| 3204 | 3158 |
| 3205 // Loads a PEM-encoded private key file into a SSLPrivateKey object. | 3159 // Loads a PEM-encoded private key file into a SSLPrivateKey object. |
| 3206 // |filepath| is the private key file path. | 3160 // |filepath| is the private key file path. |
| 3207 // Returns the new SSLPrivateKey. | 3161 // Returns the new SSLPrivateKey. |
| 3208 scoped_refptr<SSLPrivateKey> LoadPrivateKeyOpenSSL( | 3162 scoped_refptr<SSLPrivateKey> LoadPrivateKeyOpenSSL( |
| 3209 const base::FilePath& filepath) { | 3163 const base::FilePath& filepath) { |
| 3210 std::string data; | 3164 std::string data; |
| 3211 if (!base::ReadFileToString(filepath, &data)) { | 3165 if (!base::ReadFileToString(filepath, &data)) { |
| 3212 LOG(ERROR) << "Could not read private key file: " << filepath.value(); | 3166 LOG(ERROR) << "Could not read private key file: " << filepath.value(); |
| (...skipping 257 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3470 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 3424 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 3471 | 3425 |
| 3472 EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN)); | 3426 EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN)); |
| 3473 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING); | 3427 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING); |
| 3474 EXPECT_TRUE(ssl_info.cert_status & | 3428 EXPECT_TRUE(ssl_info.cert_status & |
| 3475 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); | 3429 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); |
| 3476 EXPECT_TRUE(sock_->IsConnected()); | 3430 EXPECT_TRUE(sock_->IsConnected()); |
| 3477 } | 3431 } |
| 3478 | 3432 |
| 3479 } // namespace net | 3433 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2348453002:
Remove NPN from SSLConfig and SSLClientSocket*. (Closed)
