OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <string.h> | 8 #include <string.h> |
9 | 9 |
10 #include <utility> | 10 #include <utility> |
(...skipping 2578 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2589 cert_verifier_->set_default_result(OK); | 2589 cert_verifier_->set_default_result(OK); |
2590 | 2590 |
2591 // The next connection should perform a full handshake. | 2591 // The next connection should perform a full handshake. |
2592 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2592 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
2593 ASSERT_THAT(rv, IsOk()); | 2593 ASSERT_THAT(rv, IsOk()); |
2594 SSLInfo ssl_info; | 2594 SSLInfo ssl_info; |
2595 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 2595 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
2596 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | 2596 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); |
2597 } | 2597 } |
2598 | 2598 |
2599 // Test that DHE is removed but gives a dedicated error. Also test that the | 2599 // Test that DHE is removed. |
2600 // dhe_enabled option can restore it. | 2600 TEST_F(SSLClientSocketTest, NoDHE) { |
2601 TEST_F(SSLClientSocketTest, DHE) { | |
2602 SpawnedTestServer::SSLOptions ssl_options; | 2601 SpawnedTestServer::SSLOptions ssl_options; |
2603 ssl_options.key_exchanges = | 2602 ssl_options.key_exchanges = |
2604 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2603 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
2605 ASSERT_TRUE(StartTestServer(ssl_options)); | 2604 ASSERT_TRUE(StartTestServer(ssl_options)); |
2606 | 2605 |
2607 // Normal handshakes with DHE do not work, with or without DHE enabled. | |
2608 SSLConfig ssl_config; | 2606 SSLConfig ssl_config; |
2609 int rv; | 2607 int rv; |
2610 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2608 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
2611 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH)); | 2609 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH)); |
2612 | |
2613 ssl_config.dhe_enabled = true; | |
2614 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
2615 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH)); | |
2616 | |
2617 // Enabling deprecated ciphers gives DHE a dedicated error code. | |
2618 ssl_config.dhe_enabled = false; | |
2619 ssl_config.deprecated_cipher_suites_enabled = true; | |
2620 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
2621 EXPECT_THAT(rv, IsError(ERR_SSL_OBSOLETE_CIPHER)); | |
2622 | |
2623 // Enabling both deprecated ciphers and DHE restores it. | |
2624 ssl_config.dhe_enabled = true; | |
2625 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
2626 EXPECT_THAT(rv, IsOk()); | |
2627 } | 2610 } |
2628 | 2611 |
2629 // Tests that enabling deprecated ciphers shards the session cache. | 2612 // Tests that enabling deprecated ciphers shards the session cache. |
2630 TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) { | 2613 TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) { |
2631 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); | 2614 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); |
2632 | 2615 |
2633 // Prepare a normal and deprecated SSL config. | 2616 // Prepare a normal and deprecated SSL config. |
2634 SSLConfig ssl_config; | 2617 SSLConfig ssl_config; |
2635 SSLConfig deprecated_ssl_config; | 2618 SSLConfig deprecated_ssl_config; |
2636 deprecated_ssl_config.deprecated_cipher_suites_enabled = true; | 2619 deprecated_ssl_config.deprecated_cipher_suites_enabled = true; |
(...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2769 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; | 2752 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; |
2770 server_options.bulk_ciphers = | 2753 server_options.bulk_ciphers = |
2771 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2754 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
2772 server_options.alpn_protocols.push_back("http/1.1"); | 2755 server_options.alpn_protocols.push_back("http/1.1"); |
2773 SSLConfig client_config; | 2756 SSLConfig client_config; |
2774 client_config.alpn_protos.push_back(kProtoHTTP11); | 2757 client_config.alpn_protos.push_back(kProtoHTTP11); |
2775 ASSERT_NO_FATAL_FAILURE( | 2758 ASSERT_NO_FATAL_FAILURE( |
2776 TestFalseStart(server_options, client_config, false)); | 2759 TestFalseStart(server_options, client_config, false)); |
2777 } | 2760 } |
2778 | 2761 |
2779 // Test that False Start is disabled with DHE_RSA ciphers. | |
2780 TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) { | |
2781 SpawnedTestServer::SSLOptions server_options; | |
2782 server_options.key_exchanges = | |
2783 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | |
2784 server_options.bulk_ciphers = | |
2785 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | |
2786 server_options.alpn_protocols.push_back("http/1.1"); | |
2787 SSLConfig client_config; | |
2788 client_config.alpn_protos.push_back(kProtoHTTP11); | |
2789 // DHE is only advertised when deprecated ciphers are enabled. | |
2790 client_config.deprecated_cipher_suites_enabled = true; | |
2791 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); | |
2792 } | |
2793 | |
2794 // Test that False Start is disabled without an AEAD. | 2762 // Test that False Start is disabled without an AEAD. |
2795 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { | 2763 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { |
2796 SpawnedTestServer::SSLOptions server_options; | 2764 SpawnedTestServer::SSLOptions server_options; |
2797 server_options.key_exchanges = | 2765 server_options.key_exchanges = |
2798 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2766 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
2799 server_options.bulk_ciphers = | 2767 server_options.bulk_ciphers = |
2800 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; | 2768 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; |
2801 server_options.alpn_protocols.push_back("http/1.1"); | 2769 server_options.alpn_protocols.push_back("http/1.1"); |
2802 SSLConfig client_config; | 2770 SSLConfig client_config; |
2803 client_config.alpn_protos.push_back(kProtoHTTP11); | 2771 client_config.alpn_protos.push_back(kProtoHTTP11); |
(...skipping 837 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3641 // Dump memory again and check that |buffer_size| contain the read buffer. | 3609 // Dump memory again and check that |buffer_size| contain the read buffer. |
3642 StreamSocket::SocketMemoryStats stats2; | 3610 StreamSocket::SocketMemoryStats stats2; |
3643 sock_->DumpMemoryStats(&stats2); | 3611 sock_->DumpMemoryStats(&stats2); |
3644 EXPECT_EQ(17 * 1024u, stats2.buffer_size); | 3612 EXPECT_EQ(17 * 1024u, stats2.buffer_size); |
3645 EXPECT_EQ(1u, stats2.cert_count); | 3613 EXPECT_EQ(1u, stats2.cert_count); |
3646 EXPECT_LT(0u, stats2.serialized_cert_size); | 3614 EXPECT_LT(0u, stats2.serialized_cert_size); |
3647 EXPECT_LT(17 * 1024u, stats2.total_size); | 3615 EXPECT_LT(17 * 1024u, stats2.total_size); |
3648 } | 3616 } |
3649 | 3617 |
3650 } // namespace net | 3618 } // namespace net |
OLD | NEW |