| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 2578 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2589 cert_verifier_->set_default_result(OK); | 2589 cert_verifier_->set_default_result(OK); |
| 2590 | 2590 |
| 2591 // The next connection should perform a full handshake. | 2591 // The next connection should perform a full handshake. |
| 2592 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2592 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2593 ASSERT_THAT(rv, IsOk()); | 2593 ASSERT_THAT(rv, IsOk()); |
| 2594 SSLInfo ssl_info; | 2594 SSLInfo ssl_info; |
| 2595 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 2595 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 2596 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | 2596 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); |
| 2597 } | 2597 } |
| 2598 | 2598 |
| 2599 // Test that DHE is removed but gives a dedicated error. Also test that the | |
| 2600 // dhe_enabled option can restore it. | |
| 2601 TEST_F(SSLClientSocketTest, DHE) { | |
| 2602 SpawnedTestServer::SSLOptions ssl_options; | |
| 2603 ssl_options.key_exchanges = | |
| 2604 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | |
| 2605 ASSERT_TRUE(StartTestServer(ssl_options)); | |
| 2606 | |
| 2607 // Normal handshakes with DHE do not work, with or without DHE enabled. | |
| 2608 SSLConfig ssl_config; | |
| 2609 int rv; | |
| 2610 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2611 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH)); | |
| 2612 | |
| 2613 ssl_config.dhe_enabled = true; | |
| 2614 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2615 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH)); | |
| 2616 | |
| 2617 // Enabling deprecated ciphers gives DHE a dedicated error code. | |
| 2618 ssl_config.dhe_enabled = false; | |
| 2619 ssl_config.deprecated_cipher_suites_enabled = true; | |
| 2620 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2621 EXPECT_THAT(rv, IsError(ERR_SSL_OBSOLETE_CIPHER)); | |
| 2622 | |
| 2623 // Enabling both deprecated ciphers and DHE restores it. | |
| 2624 ssl_config.dhe_enabled = true; | |
| 2625 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2626 EXPECT_THAT(rv, IsOk()); | |
| 2627 } | |
| 2628 | |
| 2629 // Tests that enabling deprecated ciphers shards the session cache. | |
| 2630 TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) { | |
| 2631 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); | |
| 2632 | |
| 2633 // Prepare a normal and deprecated SSL config. | |
| 2634 SSLConfig ssl_config; | |
| 2635 SSLConfig deprecated_ssl_config; | |
| 2636 deprecated_ssl_config.deprecated_cipher_suites_enabled = true; | |
| 2637 | |
| 2638 // Connect with deprecated ciphers enabled to warm the session cache cache. | |
| 2639 int rv; | |
| 2640 ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv)); | |
| 2641 EXPECT_THAT(rv, IsOk()); | |
| 2642 SSLInfo ssl_info; | |
| 2643 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | |
| 2644 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | |
| 2645 | |
| 2646 // Test that re-connecting with deprecated ciphers enabled still resumes. | |
| 2647 ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv)); | |
| 2648 EXPECT_THAT(rv, IsOk()); | |
| 2649 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | |
| 2650 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); | |
| 2651 | |
| 2652 // However, a normal connection needs a full handshake. | |
| 2653 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2654 EXPECT_THAT(rv, IsOk()); | |
| 2655 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | |
| 2656 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | |
| 2657 | |
| 2658 // Clear the session cache for the inverse test. | |
| 2659 SSLClientSocket::ClearSessionCache(); | |
| 2660 | |
| 2661 // Now make a normal connection to prime the session cache. | |
| 2662 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2663 EXPECT_THAT(rv, IsOk()); | |
| 2664 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | |
| 2665 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | |
| 2666 | |
| 2667 // A normal connection should be able to resume. | |
| 2668 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2669 EXPECT_THAT(rv, IsOk()); | |
| 2670 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | |
| 2671 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); | |
| 2672 | |
| 2673 // However, enabling deprecated ciphers connects fresh. | |
| 2674 ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv)); | |
| 2675 EXPECT_THAT(rv, IsOk()); | |
| 2676 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | |
| 2677 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | |
| 2678 } | |
| 2679 | |
| 2680 TEST_F(SSLClientSocketTest, RequireECDHE) { | 2599 TEST_F(SSLClientSocketTest, RequireECDHE) { |
| 2681 // Run test server without ECDHE. | 2600 // Run test server without ECDHE. |
| 2682 SpawnedTestServer::SSLOptions ssl_options; | 2601 SpawnedTestServer::SSLOptions ssl_options; |
| 2683 ssl_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; | 2602 ssl_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; |
| 2684 ASSERT_TRUE(StartTestServer(ssl_options)); | 2603 ASSERT_TRUE(StartTestServer(ssl_options)); |
| 2685 | 2604 |
| 2686 SSLConfig config; | 2605 SSLConfig config; |
| 2687 config.require_ecdhe = true; | 2606 config.require_ecdhe = true; |
| 2688 int rv; | 2607 int rv; |
| 2689 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv)); | 2608 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv)); |
| (...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2769 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; | 2688 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; |
| 2770 server_options.bulk_ciphers = | 2689 server_options.bulk_ciphers = |
| 2771 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2690 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2772 server_options.alpn_protocols.push_back("http/1.1"); | 2691 server_options.alpn_protocols.push_back("http/1.1"); |
| 2773 SSLConfig client_config; | 2692 SSLConfig client_config; |
| 2774 client_config.alpn_protos.push_back(kProtoHTTP11); | 2693 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 2775 ASSERT_NO_FATAL_FAILURE( | 2694 ASSERT_NO_FATAL_FAILURE( |
| 2776 TestFalseStart(server_options, client_config, false)); | 2695 TestFalseStart(server_options, client_config, false)); |
| 2777 } | 2696 } |
| 2778 | 2697 |
| 2779 // Test that False Start is disabled with DHE_RSA ciphers. | |
| 2780 TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) { | |
| 2781 SpawnedTestServer::SSLOptions server_options; | |
| 2782 server_options.key_exchanges = | |
| 2783 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | |
| 2784 server_options.bulk_ciphers = | |
| 2785 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | |
| 2786 server_options.alpn_protocols.push_back("http/1.1"); | |
| 2787 SSLConfig client_config; | |
| 2788 client_config.alpn_protos.push_back(kProtoHTTP11); | |
| 2789 // DHE is only advertised when deprecated ciphers are enabled. | |
| 2790 client_config.deprecated_cipher_suites_enabled = true; | |
| 2791 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); | |
| 2792 } | |
| 2793 | |
| 2794 // Test that False Start is disabled without an AEAD. | 2698 // Test that False Start is disabled without an AEAD. |
| 2795 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { | 2699 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { |
| 2796 SpawnedTestServer::SSLOptions server_options; | 2700 SpawnedTestServer::SSLOptions server_options; |
| 2797 server_options.key_exchanges = | 2701 server_options.key_exchanges = |
| 2798 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2702 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2799 server_options.bulk_ciphers = | 2703 server_options.bulk_ciphers = |
| 2800 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; | 2704 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; |
| 2801 server_options.alpn_protocols.push_back("http/1.1"); | 2705 server_options.alpn_protocols.push_back("http/1.1"); |
| 2802 SSLConfig client_config; | 2706 SSLConfig client_config; |
| 2803 client_config.alpn_protos.push_back(kProtoHTTP11); | 2707 client_config.alpn_protos.push_back(kProtoHTTP11); |
| (...skipping 837 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3641 // Dump memory again and check that |buffer_size| contain the read buffer. | 3545 // Dump memory again and check that |buffer_size| contain the read buffer. |
| 3642 StreamSocket::SocketMemoryStats stats2; | 3546 StreamSocket::SocketMemoryStats stats2; |
| 3643 sock_->DumpMemoryStats(&stats2); | 3547 sock_->DumpMemoryStats(&stats2); |
| 3644 EXPECT_EQ(17 * 1024u, stats2.buffer_size); | 3548 EXPECT_EQ(17 * 1024u, stats2.buffer_size); |
| 3645 EXPECT_EQ(1u, stats2.cert_count); | 3549 EXPECT_EQ(1u, stats2.cert_count); |
| 3646 EXPECT_LT(0u, stats2.serialized_cert_size); | 3550 EXPECT_LT(0u, stats2.serialized_cert_size); |
| 3647 EXPECT_LT(17 * 1024u, stats2.total_size); | 3551 EXPECT_LT(17 * 1024u, stats2.total_size); |
| 3648 } | 3552 } |
| 3649 | 3553 |
| 3650 } // namespace net | 3554 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2653773003:
Remove remnants of DHE support. (Closed)
