| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <memory> | 5 #include <memory> |
| 6 #include <utility> | 6 #include <utility> |
| 7 | 7 |
| 8 #include "base/memory/ptr_util.h" | 8 #include "base/memory/ptr_util.h" |
| 9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
| 10 #include "build/build_config.h" | 10 #include "build/build_config.h" |
| (...skipping 3403 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3414 public: | 3414 public: |
| 3415 TestSSLConfigService(bool ev_enabled, | 3415 TestSSLConfigService(bool ev_enabled, |
| 3416 bool online_rev_checking, | 3416 bool online_rev_checking, |
| 3417 bool rev_checking_required_local_anchors, | 3417 bool rev_checking_required_local_anchors, |
| 3418 bool token_binding_enabled) | 3418 bool token_binding_enabled) |
| 3419 : ev_enabled_(ev_enabled), | 3419 : ev_enabled_(ev_enabled), |
| 3420 online_rev_checking_(online_rev_checking), | 3420 online_rev_checking_(online_rev_checking), |
| 3421 rev_checking_required_local_anchors_( | 3421 rev_checking_required_local_anchors_( |
| 3422 rev_checking_required_local_anchors), | 3422 rev_checking_required_local_anchors), |
| 3423 token_binding_enabled_(token_binding_enabled), | 3423 token_binding_enabled_(token_binding_enabled), |
| 3424 min_version_(kDefaultSSLVersionMin) {} | 3424 min_version_(kDefaultSSLVersionMin), |
| 3425 max_version_(kDefaultSSLVersionMax) {} |
| 3425 | 3426 |
| 3427 void set_max_version(uint16_t version) { max_version_ = version; } |
| 3426 void set_min_version(uint16_t version) { min_version_ = version; } | 3428 void set_min_version(uint16_t version) { min_version_ = version; } |
| 3427 | 3429 |
| 3428 // SSLConfigService: | 3430 // SSLConfigService: |
| 3429 void GetSSLConfig(SSLConfig* config) override { | 3431 void GetSSLConfig(SSLConfig* config) override { |
| 3430 *config = SSLConfig(); | 3432 *config = SSLConfig(); |
| 3431 config->rev_checking_enabled = online_rev_checking_; | 3433 config->rev_checking_enabled = online_rev_checking_; |
| 3432 config->verify_ev_cert = ev_enabled_; | 3434 config->verify_ev_cert = ev_enabled_; |
| 3433 config->rev_checking_required_local_anchors = | 3435 config->rev_checking_required_local_anchors = |
| 3434 rev_checking_required_local_anchors_; | 3436 rev_checking_required_local_anchors_; |
| 3435 if (min_version_) { | 3437 config->version_min = min_version_; |
| 3436 config->version_min = min_version_; | 3438 config->version_max = max_version_; |
| 3437 } | |
| 3438 if (token_binding_enabled_) { | 3439 if (token_binding_enabled_) { |
| 3439 config->token_binding_params.push_back(TB_PARAM_ECDSAP256); | 3440 config->token_binding_params.push_back(TB_PARAM_ECDSAP256); |
| 3440 } | 3441 } |
| 3441 } | 3442 } |
| 3442 | 3443 |
| 3443 protected: | 3444 protected: |
| 3444 ~TestSSLConfigService() override {} | 3445 ~TestSSLConfigService() override {} |
| 3445 | 3446 |
| 3446 private: | 3447 private: |
| 3447 const bool ev_enabled_; | 3448 const bool ev_enabled_; |
| 3448 const bool online_rev_checking_; | 3449 const bool online_rev_checking_; |
| 3449 const bool rev_checking_required_local_anchors_; | 3450 const bool rev_checking_required_local_anchors_; |
| 3450 const bool token_binding_enabled_; | 3451 const bool token_binding_enabled_; |
| 3451 uint16_t min_version_; | 3452 uint16_t min_version_; |
| 3453 uint16_t max_version_; |
| 3452 }; | 3454 }; |
| 3453 | 3455 |
| 3454 // TODO(svaldez): Update tests to use EmbeddedTestServer. | 3456 // TODO(svaldez): Update tests to use EmbeddedTestServer. |
| 3455 #if !defined(OS_IOS) | 3457 #if !defined(OS_IOS) |
| 3456 class TokenBindingURLRequestTest : public URLRequestTestHTTP { | 3458 class TokenBindingURLRequestTest : public URLRequestTestHTTP { |
| 3457 public: | 3459 public: |
| 3458 TokenBindingURLRequestTest() = default; | 3460 TokenBindingURLRequestTest() = default; |
| 3459 | 3461 |
| 3460 void SetUp() override { | 3462 void SetUp() override { |
| 3461 default_context_.set_ssl_config_service( | 3463 default_context_.set_ssl_config_service( |
| (...skipping 5769 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 9231 // With a newline at the end which makes the split think that there are | 9233 // With a newline at the end which makes the split think that there are |
| 9232 // three lines. | 9234 // three lines. |
| 9233 | 9235 |
| 9234 EXPECT_EQ(1, d.response_started_count()); | 9236 EXPECT_EQ(1, d.response_started_count()); |
| 9235 AssertTwoDistinctSessionsInserted(d.data_received()); | 9237 AssertTwoDistinctSessionsInserted(d.data_received()); |
| 9236 } | 9238 } |
| 9237 } | 9239 } |
| 9238 | 9240 |
| 9239 class HTTPSFallbackTest : public testing::Test { | 9241 class HTTPSFallbackTest : public testing::Test { |
| 9240 public: | 9242 public: |
| 9241 HTTPSFallbackTest() : context_(true) {} | 9243 HTTPSFallbackTest() |
| 9244 : scoped_task_scheduler_(base::MessageLoop::current()), context_(true) { |
| 9245 ssl_config_service_ = new TestSSLConfigService( |
| 9246 true /* check for EV */, false /* online revocation checking */, |
| 9247 false /* require rev. checking for local anchors */, |
| 9248 false /* token binding enabled */); |
| 9249 context_.set_ssl_config_service(ssl_config_service_.get()); |
| 9250 } |
| 9242 ~HTTPSFallbackTest() override {} | 9251 ~HTTPSFallbackTest() override {} |
| 9243 | 9252 |
| 9244 protected: | 9253 protected: |
| 9254 TestSSLConfigService* ssl_config_service() { |
| 9255 return ssl_config_service_.get(); |
| 9256 } |
| 9257 |
| 9245 void DoFallbackTest(const SpawnedTestServer::SSLOptions& ssl_options) { | 9258 void DoFallbackTest(const SpawnedTestServer::SSLOptions& ssl_options) { |
| 9246 DCHECK(!request_); | 9259 DCHECK(!request_); |
| 9247 context_.Init(); | 9260 context_.Init(); |
| 9248 delegate_.set_allow_certificate_errors(true); | 9261 delegate_.set_allow_certificate_errors(true); |
| 9249 | 9262 |
| 9250 SpawnedTestServer test_server( | 9263 SpawnedTestServer test_server( |
| 9251 SpawnedTestServer::TYPE_HTTPS, | 9264 SpawnedTestServer::TYPE_HTTPS, |
| 9252 ssl_options, | 9265 ssl_options, |
| 9253 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | 9266 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
| 9254 ASSERT_TRUE(test_server.Start()); | 9267 ASSERT_TRUE(test_server.Start()); |
| 9255 | 9268 |
| 9256 request_ = context_.CreateRequest(test_server.GetURL("/"), DEFAULT_PRIORITY, | 9269 request_ = context_.CreateRequest(test_server.GetURL("/"), DEFAULT_PRIORITY, |
| 9257 &delegate_); | 9270 &delegate_); |
| 9258 request_->Start(); | 9271 request_->Start(); |
| 9259 | 9272 |
| 9260 base::RunLoop().Run(); | 9273 base::RunLoop().Run(); |
| 9261 } | 9274 } |
| 9262 | 9275 |
| 9276 void ExpectConnection(int version) { |
| 9277 EXPECT_EQ(1, delegate_.response_started_count()); |
| 9278 EXPECT_NE(0, delegate_.bytes_received()); |
| 9279 EXPECT_EQ(version, SSLConnectionStatusToVersion( |
| 9280 request_->ssl_info().connection_status)); |
| 9281 } |
| 9282 |
| 9263 void ExpectFailure(int error) { | 9283 void ExpectFailure(int error) { |
| 9264 EXPECT_EQ(1, delegate_.response_started_count()); | 9284 EXPECT_EQ(1, delegate_.response_started_count()); |
| 9265 EXPECT_EQ(error, delegate_.request_status()); | 9285 EXPECT_EQ(error, delegate_.request_status()); |
| 9266 } | 9286 } |
| 9267 | 9287 |
| 9268 private: | 9288 private: |
| 9289 // Required by ChannelIDService. |
| 9290 base::test::ScopedTaskScheduler scoped_task_scheduler_; |
| 9269 TestDelegate delegate_; | 9291 TestDelegate delegate_; |
| 9270 TestURLRequestContext context_; | 9292 TestURLRequestContext context_; |
| 9271 std::unique_ptr<URLRequest> request_; | 9293 std::unique_ptr<URLRequest> request_; |
| 9294 scoped_refptr<TestSSLConfigService> ssl_config_service_; |
| 9272 }; | 9295 }; |
| 9273 | 9296 |
| 9274 // Tests the TLS 1.0 fallback doesn't happen. | 9297 // Tests the TLS 1.0 fallback doesn't happen. |
| 9275 TEST_F(HTTPSFallbackTest, TLSv1NoFallback) { | 9298 TEST_F(HTTPSFallbackTest, TLSv1NoFallback) { |
| 9276 SpawnedTestServer::SSLOptions ssl_options( | 9299 SpawnedTestServer::SSLOptions ssl_options( |
| 9277 SpawnedTestServer::SSLOptions::CERT_OK); | 9300 SpawnedTestServer::SSLOptions::CERT_OK); |
| 9278 ssl_options.tls_intolerant = | 9301 ssl_options.tls_intolerant = |
| 9279 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1; | 9302 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1; |
| 9280 | 9303 |
| 9281 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); | 9304 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
| 9282 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); | 9305 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); |
| 9283 } | 9306 } |
| 9284 | 9307 |
| 9285 // Tests the TLS 1.1 fallback doesn't happen. | 9308 // Tests the TLS 1.1 fallback doesn't happen. |
| 9286 TEST_F(HTTPSFallbackTest, TLSv1_1NoFallback) { | 9309 TEST_F(HTTPSFallbackTest, TLSv1_1NoFallback) { |
| 9287 SpawnedTestServer::SSLOptions ssl_options( | 9310 SpawnedTestServer::SSLOptions ssl_options( |
| 9288 SpawnedTestServer::SSLOptions::CERT_OK); | 9311 SpawnedTestServer::SSLOptions::CERT_OK); |
| 9289 ssl_options.tls_intolerant = | 9312 ssl_options.tls_intolerant = |
| 9290 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_2; | 9313 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_2; |
| 9291 | 9314 |
| 9292 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); | 9315 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
| 9293 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); | 9316 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); |
| 9294 } | 9317 } |
| 9295 | 9318 |
| 9319 // Tests that TLS 1.3 interference results in a dedicated error code. |
| 9320 TEST_F(HTTPSFallbackTest, TLSv1_3Interference) { |
| 9321 SpawnedTestServer::SSLOptions ssl_options( |
| 9322 SpawnedTestServer::SSLOptions::CERT_OK); |
| 9323 ssl_options.tls_intolerant = |
| 9324 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_3; |
| 9325 ssl_config_service()->set_max_version(SSL_PROTOCOL_VERSION_TLS1_3); |
| 9326 |
| 9327 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
| 9328 ExpectFailure(ERR_SSL_VERSION_INTERFERENCE); |
| 9329 } |
| 9330 |
| 9331 // Tests that disabling TLS 1.3 leaves TLS 1.3 interference unnoticed. |
| 9332 TEST_F(HTTPSFallbackTest, TLSv1_3InterferenceDisableVersion) { |
| 9333 SpawnedTestServer::SSLOptions ssl_options( |
| 9334 SpawnedTestServer::SSLOptions::CERT_OK); |
| 9335 ssl_options.tls_intolerant = |
| 9336 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_3; |
| 9337 ssl_config_service()->set_max_version(SSL_PROTOCOL_VERSION_TLS1_2); |
| 9338 |
| 9339 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
| 9340 ExpectConnection(SSL_CONNECTION_VERSION_TLS1_2); |
| 9341 } |
| 9342 |
| 9296 class HTTPSSessionTest : public testing::Test { | 9343 class HTTPSSessionTest : public testing::Test { |
| 9297 public: | 9344 public: |
| 9298 HTTPSSessionTest() | 9345 HTTPSSessionTest() |
| 9299 : scoped_task_scheduler_(base::MessageLoop::current()), | 9346 : scoped_task_scheduler_(base::MessageLoop::current()), |
| 9300 default_context_(true) { | 9347 default_context_(true) { |
| 9301 cert_verifier_.set_default_result(OK); | 9348 cert_verifier_.set_default_result(OK); |
| 9302 | 9349 |
| 9303 default_context_.set_network_delegate(&default_network_delegate_); | 9350 default_context_.set_network_delegate(&default_network_delegate_); |
| 9304 default_context_.set_cert_verifier(&cert_verifier_); | 9351 default_context_.set_cert_verifier(&cert_verifier_); |
| 9305 default_context_.Init(); | 9352 default_context_.Init(); |
| (...skipping 1565 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 10871 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 10918 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
| 10872 | 10919 |
| 10873 req->Start(); | 10920 req->Start(); |
| 10874 req->Cancel(); | 10921 req->Cancel(); |
| 10875 base::RunLoop().RunUntilIdle(); | 10922 base::RunLoop().RunUntilIdle(); |
| 10876 EXPECT_EQ(ERR_ABORTED, d.request_status()); | 10923 EXPECT_EQ(ERR_ABORTED, d.request_status()); |
| 10877 EXPECT_EQ(0, d.received_redirect_count()); | 10924 EXPECT_EQ(0, d.received_redirect_count()); |
| 10878 } | 10925 } |
| 10879 | 10926 |
| 10880 } // namespace net | 10927 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2800853008:
Add a dedicated error code for TLS 1.3 interference. (Closed)
