Chromium Code Reviews Chromium Code Reviews
Issue 2800853008:
Add a dedicated error code for TLS 1.3 interference. (Closed)
| Index: net/url_request/url_request_unittest.cc |
| diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc |
| index 2e51d6ac73a1871270e03c2926f2332ba8b5454d..a247c74b8b4fbc0bf792058b8880a1653b086e39 100644 |
| --- a/net/url_request/url_request_unittest.cc |
| +++ b/net/url_request/url_request_unittest.cc |
| @@ -3421,8 +3421,10 @@ class TestSSLConfigService : public SSLConfigService { |
| rev_checking_required_local_anchors_( |
| rev_checking_required_local_anchors), |
| token_binding_enabled_(token_binding_enabled), |
| - min_version_(kDefaultSSLVersionMin) {} |
| + min_version_(kDefaultSSLVersionMin), |
| + max_version_(kDefaultSSLVersionMax) {} |
| + void set_max_version(uint16_t version) { max_version_ = version; } |
| void set_min_version(uint16_t version) { min_version_ = version; } |
| // SSLConfigService: |
| @@ -3432,9 +3434,8 @@ class TestSSLConfigService : public SSLConfigService { |
| config->verify_ev_cert = ev_enabled_; |
| config->rev_checking_required_local_anchors = |
| rev_checking_required_local_anchors_; |
| - if (min_version_) { |
| - config->version_min = min_version_; |
| - } |
| + config->version_min = min_version_; |
| + config->version_max = max_version_; |
| if (token_binding_enabled_) { |
| config->token_binding_params.push_back(TB_PARAM_ECDSAP256); |
| } |
| @@ -3449,6 +3450,7 @@ class TestSSLConfigService : public SSLConfigService { |
| const bool rev_checking_required_local_anchors_; |
| const bool token_binding_enabled_; |
| uint16_t min_version_; |
| + uint16_t max_version_; |
| }; |
| // TODO(svaldez): Update tests to use EmbeddedTestServer. |
| @@ -9238,10 +9240,22 @@ TEST_F(HTTPSRequestTest, SSLSessionCacheShardTest) { |
| class HTTPSFallbackTest : public testing::Test { |
| public: |
| - HTTPSFallbackTest() : context_(true) {} |
| + HTTPSFallbackTest() |
| + : scoped_task_scheduler_(base::MessageLoop::current()), context_(true) { |
| + ssl_config_service_ = new TestSSLConfigService( |
| + true /* check for EV */, false /* online revocation checking */, |
| + false /* require rev. checking for local |
| + anchors */, |
|
svaldez
2017/04/10 19:10:32
clang format?
davidben
2017/04/10 19:52:25
That's what clang-format did. but I think it got c
|
| + false /* token binding enabled */); |
| + context_.set_ssl_config_service(ssl_config_service_.get()); |
| + } |
| ~HTTPSFallbackTest() override {} |
| protected: |
| + TestSSLConfigService* ssl_config_service() { |
| + return ssl_config_service_.get(); |
| + } |
| + |
| void DoFallbackTest(const SpawnedTestServer::SSLOptions& ssl_options) { |
| DCHECK(!request_); |
| context_.Init(); |
| @@ -9260,15 +9274,25 @@ class HTTPSFallbackTest : public testing::Test { |
| base::RunLoop().Run(); |
| } |
| + void ExpectConnection(int version) { |
| + EXPECT_EQ(1, delegate_.response_started_count()); |
| + EXPECT_NE(0, delegate_.bytes_received()); |
| + EXPECT_EQ(version, SSLConnectionStatusToVersion( |
| + request_->ssl_info().connection_status)); |
| + } |
| + |
| void ExpectFailure(int error) { |
| EXPECT_EQ(1, delegate_.response_started_count()); |
| EXPECT_EQ(error, delegate_.request_status()); |
| } |
| private: |
| + // Required by ChannelIDService. |
| + base::test::ScopedTaskScheduler scoped_task_scheduler_; |
| TestDelegate delegate_; |
| TestURLRequestContext context_; |
| std::unique_ptr<URLRequest> request_; |
| + scoped_refptr<TestSSLConfigService> ssl_config_service_; |
| }; |
| // Tests the TLS 1.0 fallback doesn't happen. |
| @@ -9293,6 +9317,30 @@ TEST_F(HTTPSFallbackTest, TLSv1_1NoFallback) { |
| ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); |
| } |
| +// Tests that TLS 1.3 interference results in a dedicated error code. |
| +TEST_F(HTTPSFallbackTest, TLSv1_3Interference) { |
| + SpawnedTestServer::SSLOptions ssl_options( |
| + SpawnedTestServer::SSLOptions::CERT_OK); |
| + ssl_options.tls_intolerant = |
| + SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_3; |
| + ssl_config_service()->set_max_version(SSL_PROTOCOL_VERSION_TLS1_3); |
| + |
| + ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
| + ExpectFailure(ERR_SSL_VERSION_INTERFERENCE); |
| +} |
| + |
| +// Tests that disabling TLS 1.3 leaves TLS 1.3 interference unnoticed. |
| +TEST_F(HTTPSFallbackTest, TLSv1_3InterferenceDisableVersion) { |
| + SpawnedTestServer::SSLOptions ssl_options( |
| + SpawnedTestServer::SSLOptions::CERT_OK); |
| + ssl_options.tls_intolerant = |
| + SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_3; |
| + ssl_config_service()->set_max_version(SSL_PROTOCOL_VERSION_TLS1_2); |
| + |
| + ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
| + ExpectConnection(SSL_CONNECTION_VERSION_TLS1_2); |
| +} |
| + |
| class HTTPSSessionTest : public testing::Test { |
| public: |
| HTTPSSessionTest() |
