| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 2578 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2589 cert_verifier_->set_default_result(OK); | 2589 cert_verifier_->set_default_result(OK); |
| 2590 | 2590 |
| 2591 // The next connection should perform a full handshake. | 2591 // The next connection should perform a full handshake. |
| 2592 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2592 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2593 ASSERT_THAT(rv, IsOk()); | 2593 ASSERT_THAT(rv, IsOk()); |
| 2594 SSLInfo ssl_info; | 2594 SSLInfo ssl_info; |
| 2595 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 2595 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 2596 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | 2596 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); |
| 2597 } | 2597 } |
| 2598 | 2598 |
| 2599 // Test that DHE is removed but gives a dedicated error. Also test that the | 2599 // Test that DHE is removed. |
| 2600 // dhe_enabled option can restore it. | 2600 TEST_F(SSLClientSocketTest, NoDHE) { |
| 2601 TEST_F(SSLClientSocketTest, DHE) { | |
| 2602 SpawnedTestServer::SSLOptions ssl_options; | 2601 SpawnedTestServer::SSLOptions ssl_options; |
| 2603 ssl_options.key_exchanges = | 2602 ssl_options.key_exchanges = |
| 2604 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2603 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| 2605 ASSERT_TRUE(StartTestServer(ssl_options)); | 2604 ASSERT_TRUE(StartTestServer(ssl_options)); |
| 2606 | 2605 |
| 2607 // Normal handshakes with DHE do not work, with or without DHE enabled. | |
| 2608 SSLConfig ssl_config; | 2606 SSLConfig ssl_config; |
| 2609 int rv; | 2607 int rv; |
| 2610 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2608 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2611 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH)); | 2609 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH)); |
| 2612 | |
| 2613 ssl_config.dhe_enabled = true; | |
| 2614 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2615 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH)); | |
| 2616 | |
| 2617 // Enabling deprecated ciphers gives DHE a dedicated error code. | |
| 2618 ssl_config.dhe_enabled = false; | |
| 2619 ssl_config.deprecated_cipher_suites_enabled = true; | |
| 2620 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2621 EXPECT_THAT(rv, IsError(ERR_SSL_OBSOLETE_CIPHER)); | |
| 2622 | |
| 2623 // Enabling both deprecated ciphers and DHE restores it. | |
| 2624 ssl_config.dhe_enabled = true; | |
| 2625 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2626 EXPECT_THAT(rv, IsOk()); | |
| 2627 } | 2610 } |
| 2628 | 2611 |
| 2629 // Tests that enabling deprecated ciphers shards the session cache. | 2612 // Tests that enabling deprecated ciphers shards the session cache. |
| 2630 TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) { | 2613 TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) { |
| 2631 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); | 2614 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); |
| 2632 | 2615 |
| 2633 // Prepare a normal and deprecated SSL config. | 2616 // Prepare a normal and deprecated SSL config. |
| 2634 SSLConfig ssl_config; | 2617 SSLConfig ssl_config; |
| 2635 SSLConfig deprecated_ssl_config; | 2618 SSLConfig deprecated_ssl_config; |
| 2636 deprecated_ssl_config.deprecated_cipher_suites_enabled = true; | 2619 deprecated_ssl_config.deprecated_cipher_suites_enabled = true; |
| (...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2769 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; | 2752 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; |
| 2770 server_options.bulk_ciphers = | 2753 server_options.bulk_ciphers = |
| 2771 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2754 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2772 server_options.alpn_protocols.push_back("http/1.1"); | 2755 server_options.alpn_protocols.push_back("http/1.1"); |
| 2773 SSLConfig client_config; | 2756 SSLConfig client_config; |
| 2774 client_config.alpn_protos.push_back(kProtoHTTP11); | 2757 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 2775 ASSERT_NO_FATAL_FAILURE( | 2758 ASSERT_NO_FATAL_FAILURE( |
| 2776 TestFalseStart(server_options, client_config, false)); | 2759 TestFalseStart(server_options, client_config, false)); |
| 2777 } | 2760 } |
| 2778 | 2761 |
| 2779 // Test that False Start is disabled with DHE_RSA ciphers. | |
| 2780 TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) { | |
| 2781 SpawnedTestServer::SSLOptions server_options; | |
| 2782 server_options.key_exchanges = | |
| 2783 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | |
| 2784 server_options.bulk_ciphers = | |
| 2785 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | |
| 2786 server_options.alpn_protocols.push_back("http/1.1"); | |
| 2787 SSLConfig client_config; | |
| 2788 client_config.alpn_protos.push_back(kProtoHTTP11); | |
| 2789 // DHE is only advertised when deprecated ciphers are enabled. | |
| 2790 client_config.deprecated_cipher_suites_enabled = true; | |
| 2791 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); | |
| 2792 } | |
| 2793 | |
| 2794 // Test that False Start is disabled without an AEAD. | 2762 // Test that False Start is disabled without an AEAD. |
| 2795 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { | 2763 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { |
| 2796 SpawnedTestServer::SSLOptions server_options; | 2764 SpawnedTestServer::SSLOptions server_options; |
| 2797 server_options.key_exchanges = | 2765 server_options.key_exchanges = |
| 2798 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2766 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2799 server_options.bulk_ciphers = | 2767 server_options.bulk_ciphers = |
| 2800 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; | 2768 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; |
| 2801 server_options.alpn_protocols.push_back("http/1.1"); | 2769 server_options.alpn_protocols.push_back("http/1.1"); |
| 2802 SSLConfig client_config; | 2770 SSLConfig client_config; |
| 2803 client_config.alpn_protos.push_back(kProtoHTTP11); | 2771 client_config.alpn_protos.push_back(kProtoHTTP11); |
| (...skipping 837 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3641 // Dump memory again and check that |buffer_size| contain the read buffer. | 3609 // Dump memory again and check that |buffer_size| contain the read buffer. |
| 3642 StreamSocket::SocketMemoryStats stats2; | 3610 StreamSocket::SocketMemoryStats stats2; |
| 3643 sock_->DumpMemoryStats(&stats2); | 3611 sock_->DumpMemoryStats(&stats2); |
| 3644 EXPECT_EQ(17 * 1024u, stats2.buffer_size); | 3612 EXPECT_EQ(17 * 1024u, stats2.buffer_size); |
| 3645 EXPECT_EQ(1u, stats2.cert_count); | 3613 EXPECT_EQ(1u, stats2.cert_count); |
| 3646 EXPECT_LT(0u, stats2.serialized_cert_size); | 3614 EXPECT_LT(0u, stats2.serialized_cert_size); |
| 3647 EXPECT_LT(17 * 1024u, stats2.total_size); | 3615 EXPECT_LT(17 * 1024u, stats2.total_size); |
| 3648 } | 3616 } |
| 3649 | 3617 |
| 3650 } // namespace net | 3618 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2653773003:
Remove remnants of DHE support. (Closed)
