OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <string.h> | 8 #include <string.h> |
9 | 9 |
10 #include <utility> | 10 #include <utility> |
(...skipping 2578 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2589 cert_verifier_->set_default_result(OK); | 2589 cert_verifier_->set_default_result(OK); |
2590 | 2590 |
2591 // The next connection should perform a full handshake. | 2591 // The next connection should perform a full handshake. |
2592 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2592 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
2593 ASSERT_THAT(rv, IsOk()); | 2593 ASSERT_THAT(rv, IsOk()); |
2594 SSLInfo ssl_info; | 2594 SSLInfo ssl_info; |
2595 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 2595 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
2596 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | 2596 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); |
2597 } | 2597 } |
2598 | 2598 |
2599 // Test that DHE is removed. | 2599 // Test that DHE is removed but gives a dedicated error. Also test that the |
2600 TEST_F(SSLClientSocketTest, NoDHE) { | 2600 // dhe_enabled option can restore it. |
| 2601 TEST_F(SSLClientSocketTest, DHE) { |
2601 SpawnedTestServer::SSLOptions ssl_options; | 2602 SpawnedTestServer::SSLOptions ssl_options; |
2602 ssl_options.key_exchanges = | 2603 ssl_options.key_exchanges = |
2603 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2604 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
2604 ASSERT_TRUE(StartTestServer(ssl_options)); | 2605 ASSERT_TRUE(StartTestServer(ssl_options)); |
2605 | 2606 |
| 2607 // Normal handshakes with DHE do not work, with or without DHE enabled. |
2606 SSLConfig ssl_config; | 2608 SSLConfig ssl_config; |
2607 int rv; | 2609 int rv; |
2608 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2610 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
2609 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH)); | 2611 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH)); |
| 2612 |
| 2613 ssl_config.dhe_enabled = true; |
| 2614 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2615 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH)); |
| 2616 |
| 2617 // Enabling deprecated ciphers gives DHE a dedicated error code. |
| 2618 ssl_config.dhe_enabled = false; |
| 2619 ssl_config.deprecated_cipher_suites_enabled = true; |
| 2620 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2621 EXPECT_THAT(rv, IsError(ERR_SSL_OBSOLETE_CIPHER)); |
| 2622 |
| 2623 // Enabling both deprecated ciphers and DHE restores it. |
| 2624 ssl_config.dhe_enabled = true; |
| 2625 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2626 EXPECT_THAT(rv, IsOk()); |
2610 } | 2627 } |
2611 | 2628 |
2612 // Tests that enabling deprecated ciphers shards the session cache. | 2629 // Tests that enabling deprecated ciphers shards the session cache. |
2613 TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) { | 2630 TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) { |
2614 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); | 2631 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); |
2615 | 2632 |
2616 // Prepare a normal and deprecated SSL config. | 2633 // Prepare a normal and deprecated SSL config. |
2617 SSLConfig ssl_config; | 2634 SSLConfig ssl_config; |
2618 SSLConfig deprecated_ssl_config; | 2635 SSLConfig deprecated_ssl_config; |
2619 deprecated_ssl_config.deprecated_cipher_suites_enabled = true; | 2636 deprecated_ssl_config.deprecated_cipher_suites_enabled = true; |
(...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2752 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; | 2769 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; |
2753 server_options.bulk_ciphers = | 2770 server_options.bulk_ciphers = |
2754 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2771 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
2755 server_options.alpn_protocols.push_back("http/1.1"); | 2772 server_options.alpn_protocols.push_back("http/1.1"); |
2756 SSLConfig client_config; | 2773 SSLConfig client_config; |
2757 client_config.alpn_protos.push_back(kProtoHTTP11); | 2774 client_config.alpn_protos.push_back(kProtoHTTP11); |
2758 ASSERT_NO_FATAL_FAILURE( | 2775 ASSERT_NO_FATAL_FAILURE( |
2759 TestFalseStart(server_options, client_config, false)); | 2776 TestFalseStart(server_options, client_config, false)); |
2760 } | 2777 } |
2761 | 2778 |
| 2779 // Test that False Start is disabled with DHE_RSA ciphers. |
| 2780 TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) { |
| 2781 SpawnedTestServer::SSLOptions server_options; |
| 2782 server_options.key_exchanges = |
| 2783 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| 2784 server_options.bulk_ciphers = |
| 2785 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2786 server_options.alpn_protocols.push_back("http/1.1"); |
| 2787 SSLConfig client_config; |
| 2788 client_config.alpn_protos.push_back(kProtoHTTP11); |
| 2789 // DHE is only advertised when deprecated ciphers are enabled. |
| 2790 client_config.deprecated_cipher_suites_enabled = true; |
| 2791 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); |
| 2792 } |
| 2793 |
2762 // Test that False Start is disabled without an AEAD. | 2794 // Test that False Start is disabled without an AEAD. |
2763 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { | 2795 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { |
2764 SpawnedTestServer::SSLOptions server_options; | 2796 SpawnedTestServer::SSLOptions server_options; |
2765 server_options.key_exchanges = | 2797 server_options.key_exchanges = |
2766 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2798 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
2767 server_options.bulk_ciphers = | 2799 server_options.bulk_ciphers = |
2768 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; | 2800 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; |
2769 server_options.alpn_protocols.push_back("http/1.1"); | 2801 server_options.alpn_protocols.push_back("http/1.1"); |
2770 SSLConfig client_config; | 2802 SSLConfig client_config; |
2771 client_config.alpn_protos.push_back(kProtoHTTP11); | 2803 client_config.alpn_protos.push_back(kProtoHTTP11); |
(...skipping 837 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3609 // Dump memory again and check that |buffer_size| contain the read buffer. | 3641 // Dump memory again and check that |buffer_size| contain the read buffer. |
3610 StreamSocket::SocketMemoryStats stats2; | 3642 StreamSocket::SocketMemoryStats stats2; |
3611 sock_->DumpMemoryStats(&stats2); | 3643 sock_->DumpMemoryStats(&stats2); |
3612 EXPECT_EQ(17 * 1024u, stats2.buffer_size); | 3644 EXPECT_EQ(17 * 1024u, stats2.buffer_size); |
3613 EXPECT_EQ(1u, stats2.cert_count); | 3645 EXPECT_EQ(1u, stats2.cert_count); |
3614 EXPECT_LT(0u, stats2.serialized_cert_size); | 3646 EXPECT_LT(0u, stats2.serialized_cert_size); |
3615 EXPECT_LT(17 * 1024u, stats2.total_size); | 3647 EXPECT_LT(17 * 1024u, stats2.total_size); |
3616 } | 3648 } |
3617 | 3649 |
3618 } // namespace net | 3650 } // namespace net |
OLD | NEW |