Index: chrome/browser/ssl/ssl_browser_tests.cc |
diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc |
index ad0ecec81037a155cea230351eefdba728c168c6..13feee0f5e231487624f8606f2668f4e1c46e352 100644 |
--- a/chrome/browser/ssl/ssl_browser_tests.cc |
+++ b/chrome/browser/ssl/ssl_browser_tests.cc |
@@ -308,7 +308,10 @@ class SSLUITest : public InProcessBrowserTest { |
https_server_mismatched_(net::EmbeddedTestServer::TYPE_HTTPS), |
wss_server_expired_(net::SpawnedTestServer::TYPE_WSS, |
SSLOptions(SSLOptions::CERT_EXPIRED), |
- net::GetWebSocketTestDataDirectory()) { |
+ net::GetWebSocketTestDataDirectory()), |
+ wss_server_mismatched_(net::SpawnedTestServer::TYPE_WSS, |
+ SSLOptions(SSLOptions::CERT_MISMATCHED_NAME), |
+ net::GetWebSocketTestDataDirectory()) { |
https_server_.AddDefaultHandlers(base::FilePath(kDocRoot)); |
https_server_expired_.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED); |
@@ -618,6 +621,7 @@ class SSLUITest : public InProcessBrowserTest { |
net::EmbeddedTestServer https_server_expired_; |
net::EmbeddedTestServer https_server_mismatched_; |
net::SpawnedTestServer wss_server_expired_; |
+ net::SpawnedTestServer wss_server_mismatched_; |
protected: |
// Navigates to an interstitial and clicks through the certificate |
@@ -676,6 +680,21 @@ class SSLUITestIgnoreCertErrors : public SSLUITest { |
} |
}; |
+class SSLUITestIgnoreCertErrorsBySPKI : public SSLUITest { |
+ public: |
+ SSLUITestIgnoreCertErrorsBySPKI() : SSLUITest() {} |
+ |
+ void SetUpCommandLine(base::CommandLine* command_line) override { |
+ // Browser will ignore certificate errors for chains matching one of the |
+ // public keys from the list. |
+ command_line->AppendSwitchASCII( |
+ switches::kIgnoreCertificateErrorsSPKIList, |
+ "2zCMVDKgnKec0721Sp1zVh2yiHeW/LJK4STkNnEa1og=," // wss_mismatched_ |
+ "gTjFgaNzSnz5cxMlIfW1WfGGJVzf11v+YePflME9WSU=" // wss_expired_ |
+ ); |
+ } |
+}; |
+ |
class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest { |
public: |
SSLUITestIgnoreLocalhostCertErrors() : SSLUITest() {} |
@@ -2657,6 +2676,57 @@ IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrors, TestWSS) { |
EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass")); |
} |
+// Visit a page and establish a WebSocket connection over bad https with |
+// --disable-certificate-errors-spki-list. The connection should be established |
+// without interstitial page showing. |
+IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrorsBySPKI, TestWSSMismatched) { |
+ ASSERT_TRUE(embedded_test_server()->Start()); |
+ ASSERT_TRUE(wss_server_mismatched_.Start()); |
+ |
+ // Setup page title observer. |
+ WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
+ content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS")); |
+ watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL")); |
+ |
+ // Visit bad HTTPS page. |
+ GURL::Replacements replacements; |
+ replacements.SetSchemeStr("https"); |
+ ui_test_utils::NavigateToURL( |
+ browser(), wss_server_mismatched_.GetURL("connect_check.html") |
+ .ReplaceComponents(replacements)); |
+ |
+ // We shouldn't have an interstitial page showing here. |
+ |
+ // Test page run a WebSocket wss connection test. The result will be shown |
+ // as page title. |
+ const base::string16 result = watcher.WaitAndGetTitle(); |
+ EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass")); |
+} |
+ |
+IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrorsBySPKI, TestWSSExpired) { |
+ ASSERT_TRUE(embedded_test_server()->Start()); |
+ ASSERT_TRUE(wss_server_expired_.Start()); |
+ |
+ // Setup page title observer. |
+ WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
+ content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS")); |
+ watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL")); |
+ |
+ // Visit bad HTTPS page. |
+ GURL::Replacements replacements; |
+ replacements.SetSchemeStr("https"); |
+ ui_test_utils::NavigateToURL(browser(), |
+ wss_server_expired_.GetURL("connect_check.html") |
+ .ReplaceComponents(replacements)); |
+ |
+ // We shouldn't have an interstitial page showing here. |
+ |
+ // Test page run a WebSocket wss connection test. The result will be shown |
+ // as page title. |
+ const base::string16 result = watcher.WaitAndGetTitle(); |
+ EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass")); |
+} |
+ |
// Verifies that the interstitial can proceed, even if JavaScript is disabled. |
// http://crbug.com/322948 |
#if defined(OS_LINUX) |