| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <string> | 5 #include <string> |
| 6 | 6 |
| 7 #include "base/memory/ref_counted.h" | 7 #include "base/memory/ref_counted.h" |
| 8 #include "base/memory/scoped_ptr.h" | 8 #include "base/memory/scoped_ptr.h" |
| 9 #include "base/memory/scoped_vector.h" | 9 #include "base/memory/scoped_vector.h" |
| 10 #include "net/base/net_util.h" | 10 #include "net/base/net_util.h" |
| 125 SSLSocketDataProvider ssl_data2(ASYNC, ERR_SSL_PROTOCOL_ERROR); | 125 SSLSocketDataProvider ssl_data2(ASYNC, ERR_SSL_PROTOCOL_ERROR); |
| 126 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data2); | 126 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data2); |
| 127 StaticSocketDataProvider data2(NULL, 0, NULL, 0); | 127 StaticSocketDataProvider data2(NULL, 0, NULL, 0); |
| 128 mock_socket_factory_.AddSocketDataProvider(&data2); | 128 mock_socket_factory_.AddSocketDataProvider(&data2); |
| 129 | 129 |
| 130 scoped_refptr<HttpNetworkSession> session( | 130 scoped_refptr<HttpNetworkSession> session( |
| 131 new HttpNetworkSession(session_params_)); | 131 new HttpNetworkSession(session_params_)); |
| 132 scoped_ptr<HttpNetworkTransaction> trans( | 132 scoped_ptr<HttpNetworkTransaction> trans( |
| 133 new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get())); | 133 new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get())); |
| 134 | 134 |
| 135 SSLConfig& ssl_config = GetServerSSLConfig(trans.get()); | |
| 136 ssl_config.unrestricted_ssl3_fallback_enabled = false; | |
| 137 | |
| 138 TestCompletionCallback callback; | 135 TestCompletionCallback callback; |
| 139 // This will consume only |ssl_data1|. |ssl_data2| will not be consumed. | 136 // This will consume only |ssl_data1|. |ssl_data2| will not be consumed. |
| 140 int rv = callback.GetResult( | 137 int rv = callback.GetResult( |
| 141 trans->Start(GetRequestInfo("https://www.google.com/"), | 138 trans->Start(GetRequestInfo("https://www.google.com/"), |
| 142 callback.callback(), BoundNetLog())); | 139 callback.callback(), BoundNetLog())); |
| 143 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | 140 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); |
| 144 | 141 |
| 145 SocketDataProviderArray<SocketDataProvider>& mock_data = | 142 SocketDataProviderArray<SocketDataProvider>& mock_data = |
| 146 mock_socket_factory_.mock_data(); | 143 mock_socket_factory_.mock_data(); |
| 147 // Confirms that only |ssl_data1| is consumed. | 144 // Confirms that only |ssl_data1| is consumed. |
| 148 EXPECT_EQ(1u, mock_data.next_index()); | 145 EXPECT_EQ(1u, mock_data.next_index()); |
| 149 | 146 |
| 147 SSLConfig& ssl_config = GetServerSSLConfig(trans.get()); |
| 150 // |version_max| never fallbacks to SSLv3 for Google properties. | 148 // |version_max| never fallbacks to SSLv3 for Google properties. |
| 151 EXPECT_EQ(SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_max); | 149 EXPECT_EQ(SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_max); |
| 152 EXPECT_FALSE(ssl_config.version_fallback); | 150 EXPECT_FALSE(ssl_config.version_fallback); |
| 153 } | 151 } |
| 154 | 152 |
| 155 // Tests that HttpNetworkTransaction attempts to fallback to SSL 3.0 | 153 // Tests that HttpNetworkTransaction attempts to fallback to SSL 3.0 |
| 156 // when a TLS 1.0 handshake fails and: | 154 // when a TLS 1.0 handshake fails and: |
| 157 // * the site is pinned to the Google pin list (indicating that | 155 // * the site is pinned to the Google pin list (indicating that |
| 158 // it is a Google site); | 156 // it is a Google site); |
| 159 // * unrestricted SSL 3.0 fallback is enabled. | 157 // * unrestricted SSL 3.0 fallback is enabled. |
| 218 SSLSocketDataProvider ssl_data2(ASYNC, ERR_SSL_PROTOCOL_ERROR); | 216 SSLSocketDataProvider ssl_data2(ASYNC, ERR_SSL_PROTOCOL_ERROR); |
| 219 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data2); | 217 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data2); |
| 220 StaticSocketDataProvider data2(NULL, 0, NULL, 0); | 218 StaticSocketDataProvider data2(NULL, 0, NULL, 0); |
| 221 mock_socket_factory_.AddSocketDataProvider(&data2); | 219 mock_socket_factory_.AddSocketDataProvider(&data2); |
| 222 | 220 |
| 223 scoped_refptr<HttpNetworkSession> session( | 221 scoped_refptr<HttpNetworkSession> session( |
| 224 new HttpNetworkSession(session_params_)); | 222 new HttpNetworkSession(session_params_)); |
| 225 scoped_ptr<HttpNetworkTransaction> trans( | 223 scoped_ptr<HttpNetworkTransaction> trans( |
| 226 new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get())); | 224 new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get())); |
| 227 | 225 |
| 228 SSLConfig& ssl_config = GetServerSSLConfig(trans.get()); | |
| 229 ssl_config.unrestricted_ssl3_fallback_enabled = false; | |
| 230 | |
| 231 TestCompletionCallback callback; | 226 TestCompletionCallback callback; |
| 232 // This will consume |ssl_data1| and |ssl_data2|. | 227 // This will consume |ssl_data1| and |ssl_data2|. |
| 233 int rv = callback.GetResult( | 228 int rv = callback.GetResult( |
| 234 trans->Start(GetRequestInfo("https://www.paypal.com/"), | 229 trans->Start(GetRequestInfo("https://www.paypal.com/"), |
| 235 callback.callback(), BoundNetLog())); | 230 callback.callback(), BoundNetLog())); |
| 236 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | 231 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); |
| 237 | 232 |
| 238 SocketDataProviderArray<SocketDataProvider>& mock_data = | 233 SocketDataProviderArray<SocketDataProvider>& mock_data = |
| 239 mock_socket_factory_.mock_data(); | 234 mock_socket_factory_.mock_data(); |
| 240 // Confirms that both |ssl_data1| and |ssl_data2| are consumed. | 235 // Confirms that both |ssl_data1| and |ssl_data2| are consumed. |
| 241 EXPECT_EQ(2u, mock_data.next_index()); | 236 EXPECT_EQ(2u, mock_data.next_index()); |
| 242 | 237 |
| 238 SSLConfig& ssl_config = GetServerSSLConfig(trans.get()); |
| 243 // |version_max| fallbacks to SSL 3.0. | 239 // |version_max| fallbacks to SSL 3.0. |
| 244 EXPECT_EQ(SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max); | 240 EXPECT_EQ(SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max); |
| 245 EXPECT_TRUE(ssl_config.version_fallback); | 241 EXPECT_TRUE(ssl_config.version_fallback); |
| 246 } | 242 } |
| 247 | 243 |
| 248 // Tests that HttpNetworkTransaction attempts to fallback from | 244 // Tests that HttpNetworkTransaction attempts to fallback from |
| 249 // TLS 1.1 to TLS 1.0, then from TLS 1.0 to SSL 3.0. | 245 // TLS 1.1 to TLS 1.0, then from TLS 1.0 to SSL 3.0. |
| 250 TEST_F(HttpNetworkTransactionSSLTest, SSLFallback) { | 246 TEST_F(HttpNetworkTransactionSSLTest, SSLFallback) { |
| 251 ssl_config_service_ = new TLS11SSLConfigService; | 247 ssl_config_service_ = new TLS11SSLConfigService; |
| 252 session_params_.ssl_config_service = ssl_config_service_.get(); | 248 session_params_.ssl_config_service = ssl_config_service_.get(); |
| 271 SSLSocketDataProvider ssl_data3(ASYNC, ERR_SSL_PROTOCOL_ERROR); | 267 SSLSocketDataProvider ssl_data3(ASYNC, ERR_SSL_PROTOCOL_ERROR); |
| 272 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data3); | 268 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data3); |
| 273 StaticSocketDataProvider data3(NULL, 0, NULL, 0); | 269 StaticSocketDataProvider data3(NULL, 0, NULL, 0); |
| 274 mock_socket_factory_.AddSocketDataProvider(&data3); | 270 mock_socket_factory_.AddSocketDataProvider(&data3); |
| 275 | 271 |
| 276 scoped_refptr<HttpNetworkSession> session( | 272 scoped_refptr<HttpNetworkSession> session( |
| 277 new HttpNetworkSession(session_params_)); | 273 new HttpNetworkSession(session_params_)); |
| 278 scoped_ptr<HttpNetworkTransaction> trans( | 274 scoped_ptr<HttpNetworkTransaction> trans( |
| 279 new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get())); | 275 new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get())); |
| 280 | 276 |
| 281 SSLConfig& ssl_config = GetServerSSLConfig(trans.get()); | |
| 282 ssl_config.unrestricted_ssl3_fallback_enabled = true; | |
| 283 | |
| 284 TestCompletionCallback callback; | 277 TestCompletionCallback callback; |
| 285 // This will consume |ssl_data1|, |ssl_data2| and |ssl_data3|. | 278 // This will consume |ssl_data1|, |ssl_data2| and |ssl_data3|. |
| 286 int rv = callback.GetResult( | 279 int rv = callback.GetResult( |
| 287 trans->Start(GetRequestInfo("https://www.paypal.com/"), | 280 trans->Start(GetRequestInfo("https://www.paypal.com/"), |
| 288 callback.callback(), BoundNetLog())); | 281 callback.callback(), BoundNetLog())); |
| 289 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | 282 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); |
| 290 | 283 |
| 291 SocketDataProviderArray<SocketDataProvider>& mock_data = | 284 SocketDataProviderArray<SocketDataProvider>& mock_data = |
| 292 mock_socket_factory_.mock_data(); | 285 mock_socket_factory_.mock_data(); |
| 293 // Confirms that |ssl_data1|, |ssl_data2| and |ssl_data3| are consumed. | 286 // Confirms that |ssl_data1|, |ssl_data2| and |ssl_data3| are consumed. |
| 294 EXPECT_EQ(3u, mock_data.next_index()); | 287 EXPECT_EQ(3u, mock_data.next_index()); |
| 295 | 288 |
| 289 SSLConfig& ssl_config = GetServerSSLConfig(trans.get()); |
| 296 // |version_max| fallbacks to SSL 3.0. | 290 // |version_max| fallbacks to SSL 3.0. |
| 297 EXPECT_EQ(SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max); | 291 EXPECT_EQ(SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max); |
| 298 EXPECT_TRUE(ssl_config.version_fallback); | 292 EXPECT_TRUE(ssl_config.version_fallback); |
| 299 } | 293 } |
| 300 | 294 |
| 301 } // namespace net | 295 } // namespace net |
| 302 | 296 |
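Review bot: In the google.com test body (new lines 135–150) nothing on the new side states that unrestricted SSL 3.0 fallback is disabled, although `EXPECT_EQ(1u, mock_data.next_index())` and `EXPECT_FALSE(ssl_config.version_fallback)` only hold under that precondition. The removed `ssl_config.unrestricted_ssl3_fallback_enabled = false;` used to make it explicit; the setting presumably now comes from setup in the skipped lines, which are not visible here. A short comment above `TestCompletionCallback callback;` would keep the downgrade precondition readable, for example `// Unrestricted SSL 3.0 fallback is left disabled here, so the failed TLS 1.0 handshake must not be retried.` The same applies to the two paypal.com bodies (new lines 226–241 and 277–292), where the old side set the flag to false and true respectively and both still expect the fallback to SSL 3.0. All three test bodies begin in skipped lines outside the visible hunks.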