OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "build/build_config.h" | 5 #include "build/build_config.h" |
6 | 6 |
7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
8 #include <windows.h> | 8 #include <windows.h> |
9 #include <shlobj.h> | 9 #include <shlobj.h> |
10 #endif | 10 #endif |
6570 | 6570 |
6571 base::RunLoop().Run(); | 6571 base::RunLoop().Run(); |
6572 | 6572 |
6573 EXPECT_EQ(1, d.response_started_count()); | 6573 EXPECT_EQ(1, d.response_started_count()); |
6574 EXPECT_NE(0, d.bytes_received()); | 6574 EXPECT_NE(0, d.bytes_received()); |
6575 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1), | 6575 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1), |
6576 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); | 6576 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); |
6577 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); | 6577 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); |
6578 } | 6578 } |
6579 | 6579 |
| 6580 // Tests fallback to TLS 1.1 on connection reset. |
| 6581 TEST_F(HTTPSRequestTest, TLSv1FallbackReset) { |
| 6582 // The OpenSSL library in use may not support TLS 1.1. |
| 6583 #if !defined(USE_OPENSSL) |
| 6584 EXPECT_GT(kDefaultSSLVersionMax, SSL_PROTOCOL_VERSION_TLS1); |
| 6585 #endif |
| 6586 if (kDefaultSSLVersionMax <= SSL_PROTOCOL_VERSION_TLS1) |
| 6587 return; |
| 6588 |
| 6589 SpawnedTestServer::SSLOptions ssl_options( |
| 6590 SpawnedTestServer::SSLOptions::CERT_OK); |
| 6591 ssl_options.tls_intolerant = |
| 6592 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1; |
| 6593 ssl_options.reset_on_intolerance = true; |
| 6594 SpawnedTestServer test_server( |
| 6595 SpawnedTestServer::TYPE_HTTPS, |
| 6596 ssl_options, |
| 6597 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
| 6598 ASSERT_TRUE(test_server.Start()); |
| 6599 |
| 6600 TestDelegate d; |
| 6601 TestURLRequestContext context(true); |
| 6602 context.Init(); |
| 6603 d.set_allow_certificate_errors(true); |
| 6604 URLRequest r( |
| 6605 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); |
| 6606 r.Start(); |
| 6607 |
| 6608 base::RunLoop().Run(); |
| 6609 |
| 6610 EXPECT_EQ(1, d.response_started_count()); |
| 6611 EXPECT_NE(0, d.bytes_received()); |
| 6612 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1), |
| 6613 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); |
| 6614 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); |
| 6615 } |
| 6616 |
6580 // Tests that we don't fallback with servers that implement TLS_FALLBACK_SCSV. | 6617 // Tests that we don't fallback with servers that implement TLS_FALLBACK_SCSV. |
6581 #if defined(USE_OPENSSL) | 6618 #if defined(USE_OPENSSL) |
6582 TEST_F(HTTPSRequestTest, DISABLED_FallbackSCSV) { | 6619 TEST_F(HTTPSRequestTest, DISABLED_FallbackSCSV) { |
6583 #else | 6620 #else |
6584 TEST_F(HTTPSRequestTest, FallbackSCSV) { | 6621 TEST_F(HTTPSRequestTest, FallbackSCSV) { |
6585 #endif | 6622 #endif |
6586 SpawnedTestServer::SSLOptions ssl_options( | 6623 SpawnedTestServer::SSLOptions ssl_options( |
6587 SpawnedTestServer::SSLOptions::CERT_OK); | 6624 SpawnedTestServer::SSLOptions::CERT_OK); |
6588 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger | 6625 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger |
6589 // a version fallback. | 6626 // a version fallback. |
6814 | 6851 |
6815 base::RunLoop().Run(); | 6852 base::RunLoop().Run(); |
6816 | 6853 |
6817 EXPECT_EQ(1, d.response_started_count()); | 6854 EXPECT_EQ(1, d.response_started_count()); |
6818 EXPECT_NE(0, d.bytes_received()); | 6855 EXPECT_NE(0, d.bytes_received()); |
6819 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_SSL3), | 6856 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_SSL3), |
6820 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); | 6857 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); |
6821 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); | 6858 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); |
6822 } | 6859 } |
6823 | 6860 |
| 6861 // Tests that a reset connection does not fallback down to SSL3. |
| 6862 TEST_F(HTTPSRequestTest, SSLv3NoFallbackReset) { |
| 6863 SpawnedTestServer::SSLOptions ssl_options( |
| 6864 SpawnedTestServer::SSLOptions::CERT_OK); |
| 6865 ssl_options.tls_intolerant = |
| 6866 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; |
| 6867 ssl_options.reset_on_intolerance = true; |
| 6868 SpawnedTestServer test_server( |
| 6869 SpawnedTestServer::TYPE_HTTPS, |
| 6870 ssl_options, |
| 6871 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
| 6872 ASSERT_TRUE(test_server.Start()); |
| 6873 |
| 6874 TestDelegate d; |
| 6875 TestURLRequestContext context(true); |
| 6876 context.Init(); |
| 6877 d.set_allow_certificate_errors(true); |
| 6878 URLRequest r( |
| 6879 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); |
| 6880 r.Start(); |
| 6881 |
| 6882 base::RunLoop().Run(); |
| 6883 |
| 6884 EXPECT_FALSE(r.status().is_success()); |
| 6885 EXPECT_EQ(URLRequestStatus::FAILED, r.status().status()); |
| 6886 EXPECT_EQ(ERR_CONNECTION_RESET, r.status().error()); |
| 6887 } |
| 6888 |
6824 namespace { | 6889 namespace { |
6825 | 6890 |
6826 class SSLClientAuthTestDelegate : public TestDelegate { | 6891 class SSLClientAuthTestDelegate : public TestDelegate { |
6827 public: | 6892 public: |
6828 SSLClientAuthTestDelegate() : on_certificate_requested_count_(0) { | 6893 SSLClientAuthTestDelegate() : on_certificate_requested_count_(0) { |
6829 } | 6894 } |
6830 virtual void OnCertificateRequested( | 6895 virtual void OnCertificateRequested( |
6831 URLRequest* request, | 6896 URLRequest* request, |
6832 SSLCertRequestInfo* cert_request_info) OVERRIDE { | 6897 SSLCertRequestInfo* cert_request_info) OVERRIDE { |
6833 on_certificate_requested_count_++; | 6898 on_certificate_requested_count_++; |
8013 | 8078 |
8014 EXPECT_FALSE(r.is_pending()); | 8079 EXPECT_FALSE(r.is_pending()); |
8015 EXPECT_EQ(1, d->response_started_count()); | 8080 EXPECT_EQ(1, d->response_started_count()); |
8016 EXPECT_FALSE(d->received_data_before_response()); | 8081 EXPECT_FALSE(d->received_data_before_response()); |
8017 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size)); | 8082 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size)); |
8018 } | 8083 } |
8019 } | 8084 } |
8020 #endif // !defined(DISABLE_FTP_SUPPORT) | 8085 #endif // !defined(DISABLE_FTP_SUPPORT) |
8021 | 8086 |
8022 } // namespace net | 8087 } // namespace net |
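Review bot: The comment on new line 6580 says `TLSv1FallbackReset` covers fallback "to TLS 1.1", but the server is set to `TLS_INTOLERANT_TLS1_1` and new lines 6612-6613 expect `SSL_CONNECTION_VERSION_TLS1`, so what the test pins is a fallback to TLS 1.0; I would reword it to `// Tests fallback to TLS 1.0 when a TLS 1.1-intolerant server resets the connection.`. The early `return` on new lines 6586-6587 lets the test pass without running when `kDefaultSSLVersionMax` is TLS 1.0 (the OpenSSL case the comment mentions), so a green result on that build says nothing about reset handling, and a comment saying so would help. In `SSLv3NoFallbackReset` (new lines 6861-6887) the comment could also state why a reset must stop short of SSL3, presumably because a reset can be forged on the network to force a downgrade, so that the expected `ERR_CONNECTION_RESET` is read as the intended outcome and not as a missing fallback.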