OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "build/build_config.h" | 5 #include "build/build_config.h" |
6 | 6 |
7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
8 #include <windows.h> | 8 #include <windows.h> |
9 #include <shlobj.h> | 9 #include <shlobj.h> |
10 #endif | 10 #endif |
(...skipping 6559 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
6570 | 6570 |
6571 base::RunLoop().Run(); | 6571 base::RunLoop().Run(); |
6572 | 6572 |
6573 EXPECT_EQ(1, d.response_started_count()); | 6573 EXPECT_EQ(1, d.response_started_count()); |
6574 EXPECT_NE(0, d.bytes_received()); | 6574 EXPECT_NE(0, d.bytes_received()); |
6575 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1), | 6575 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1), |
6576 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); | 6576 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); |
6577 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); | 6577 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); |
6578 } | 6578 } |
6579 | 6579 |
6580 // This test is disabled on Android because the remote test server doesn't cause | |
6581 // a TCP reset. | |
6582 #if !defined(OS_ANDROID) | |
davidben
2014/06/06 23:31:51
I'm more than a little annoyed about this (and the
| |
6583 // Tests fallback to TLS 1.1 on connection reset. | |
6584 TEST_F(HTTPSRequestTest, TLSv1FallbackReset) { | |
6585 // The OpenSSL library in use may not support TLS 1.1. | |
6586 #if !defined(USE_OPENSSL) | |
6587 EXPECT_GT(kDefaultSSLVersionMax, SSL_PROTOCOL_VERSION_TLS1); | |
6588 #endif | |
6589 if (kDefaultSSLVersionMax <= SSL_PROTOCOL_VERSION_TLS1) | |
6590 return; | |
6591 | |
6592 SpawnedTestServer::SSLOptions ssl_options( | |
6593 SpawnedTestServer::SSLOptions::CERT_OK); | |
6594 ssl_options.tls_intolerant = | |
6595 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1; | |
6596 ssl_options.tls_intolerance_type = | |
6597 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_RESET; | |
6598 SpawnedTestServer test_server( | |
6599 SpawnedTestServer::TYPE_HTTPS, | |
6600 ssl_options, | |
6601 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | |
6602 ASSERT_TRUE(test_server.Start()); | |
6603 | |
6604 TestDelegate d; | |
6605 TestURLRequestContext context(true); | |
6606 context.Init(); | |
6607 d.set_allow_certificate_errors(true); | |
6608 URLRequest r( | |
6609 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); | |
6610 r.Start(); | |
6611 | |
6612 base::RunLoop().Run(); | |
6613 | |
6614 EXPECT_EQ(1, d.response_started_count()); | |
6615 EXPECT_NE(0, d.bytes_received()); | |
6616 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1), | |
6617 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); | |
6618 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); | |
6619 } | |
6620 #endif // !OS_ANDROID | |
6621 | |
6580 // Tests that we don't fallback with servers that implement TLS_FALLBACK_SCSV. | 6622 // Tests that we don't fallback with servers that implement TLS_FALLBACK_SCSV. |
6581 #if defined(USE_OPENSSL) | 6623 #if defined(USE_OPENSSL) |
6582 TEST_F(HTTPSRequestTest, DISABLED_FallbackSCSV) { | 6624 TEST_F(HTTPSRequestTest, DISABLED_FallbackSCSV) { |
6583 #else | 6625 #else |
6584 TEST_F(HTTPSRequestTest, FallbackSCSV) { | 6626 TEST_F(HTTPSRequestTest, FallbackSCSV) { |
6585 #endif | 6627 #endif |
6586 SpawnedTestServer::SSLOptions ssl_options( | 6628 SpawnedTestServer::SSLOptions ssl_options( |
6587 SpawnedTestServer::SSLOptions::CERT_OK); | 6629 SpawnedTestServer::SSLOptions::CERT_OK); |
6588 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger | 6630 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger |
6589 // a version fallback. | 6631 // a version fallback. |
(...skipping 196 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
6786 EXPECT_EQ("https", req.url().scheme()); | 6828 EXPECT_EQ("https", req.url().scheme()); |
6787 EXPECT_EQ("POST", req.method()); | 6829 EXPECT_EQ("POST", req.method()); |
6788 EXPECT_EQ(kData, d.data_received()); | 6830 EXPECT_EQ(kData, d.data_received()); |
6789 | 6831 |
6790 LoadTimingInfo load_timing_info; | 6832 LoadTimingInfo load_timing_info; |
6791 network_delegate.GetLoadTimingInfoBeforeRedirect(&load_timing_info); | 6833 network_delegate.GetLoadTimingInfoBeforeRedirect(&load_timing_info); |
6792 // LoadTimingInfo of HSTS redirects is similar to that of network cache hits | 6834 // LoadTimingInfo of HSTS redirects is similar to that of network cache hits |
6793 TestLoadTimingCacheHitNoNetwork(load_timing_info); | 6835 TestLoadTimingCacheHitNoNetwork(load_timing_info); |
6794 } | 6836 } |
6795 | 6837 |
6838 // Tests that the SSLv3 fallback triggers on alert. | |
6796 TEST_F(HTTPSRequestTest, SSLv3Fallback) { | 6839 TEST_F(HTTPSRequestTest, SSLv3Fallback) { |
6797 SpawnedTestServer::SSLOptions ssl_options( | 6840 SpawnedTestServer::SSLOptions ssl_options( |
6798 SpawnedTestServer::SSLOptions::CERT_OK); | 6841 SpawnedTestServer::SSLOptions::CERT_OK); |
6799 ssl_options.tls_intolerant = | 6842 ssl_options.tls_intolerant = |
6800 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; | 6843 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; |
6844 ssl_options.tls_intolerance_type = | |
6845 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_ALERT; | |
6801 SpawnedTestServer test_server( | 6846 SpawnedTestServer test_server( |
6802 SpawnedTestServer::TYPE_HTTPS, | 6847 SpawnedTestServer::TYPE_HTTPS, |
6803 ssl_options, | 6848 ssl_options, |
6804 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | 6849 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
6805 ASSERT_TRUE(test_server.Start()); | 6850 ASSERT_TRUE(test_server.Start()); |
6806 | 6851 |
6807 TestDelegate d; | 6852 TestDelegate d; |
6808 TestURLRequestContext context(true); | 6853 TestURLRequestContext context(true); |
6809 context.Init(); | 6854 context.Init(); |
6810 d.set_allow_certificate_errors(true); | 6855 d.set_allow_certificate_errors(true); |
6811 URLRequest r( | 6856 URLRequest r( |
6812 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); | 6857 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); |
6813 r.Start(); | 6858 r.Start(); |
6814 | 6859 |
6815 base::RunLoop().Run(); | 6860 base::RunLoop().Run(); |
6816 | 6861 |
6817 EXPECT_EQ(1, d.response_started_count()); | 6862 EXPECT_EQ(1, d.response_started_count()); |
6818 EXPECT_NE(0, d.bytes_received()); | 6863 EXPECT_NE(0, d.bytes_received()); |
6819 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_SSL3), | 6864 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_SSL3), |
6820 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); | 6865 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); |
6821 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); | 6866 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); |
6822 } | 6867 } |
6823 | 6868 |
6869 // Tests that the SSLv3 fallback triggers on closed connections. | |
6870 TEST_F(HTTPSRequestTest, SSLv3FallbackClosed) { | |
6871 SpawnedTestServer::SSLOptions ssl_options( | |
6872 SpawnedTestServer::SSLOptions::CERT_OK); | |
6873 ssl_options.tls_intolerant = | |
6874 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; | |
6875 ssl_options.tls_intolerance_type = | |
6876 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE; | |
6877 SpawnedTestServer test_server( | |
6878 SpawnedTestServer::TYPE_HTTPS, | |
6879 ssl_options, | |
6880 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | |
6881 ASSERT_TRUE(test_server.Start()); | |
6882 | |
6883 TestDelegate d; | |
6884 TestURLRequestContext context(true); | |
6885 context.Init(); | |
6886 d.set_allow_certificate_errors(true); | |
6887 URLRequest r( | |
6888 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); | |
6889 r.Start(); | |
6890 | |
6891 base::RunLoop().Run(); | |
6892 | |
6893 EXPECT_EQ(1, d.response_started_count()); | |
6894 EXPECT_NE(0, d.bytes_received()); | |
6895 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_SSL3), | |
6896 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); | |
6897 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); | |
6898 } | |
6899 | |
6900 // This test is disabled on Android because the remote test server doesn't cause | |
6901 // a TCP reset. | |
6902 #if !defined(OS_ANDROID) | |
6903 // Tests that a reset connection does not fallback down to SSL3. | |
6904 TEST_F(HTTPSRequestTest, SSLv3NoFallbackReset) { | |
6905 SpawnedTestServer::SSLOptions ssl_options( | |
6906 SpawnedTestServer::SSLOptions::CERT_OK); | |
6907 ssl_options.tls_intolerant = | |
6908 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; | |
6909 ssl_options.tls_intolerance_type = | |
6910 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_RESET; | |
6911 SpawnedTestServer test_server( | |
6912 SpawnedTestServer::TYPE_HTTPS, | |
6913 ssl_options, | |
6914 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | |
6915 ASSERT_TRUE(test_server.Start()); | |
6916 | |
6917 TestDelegate d; | |
6918 TestURLRequestContext context(true); | |
6919 context.Init(); | |
6920 d.set_allow_certificate_errors(true); | |
6921 URLRequest r( | |
6922 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); | |
6923 r.Start(); | |
6924 | |
6925 base::RunLoop().Run(); | |
6926 | |
6927 EXPECT_FALSE(r.status().is_success()); | |
6928 EXPECT_EQ(URLRequestStatus::FAILED, r.status().status()); | |
6929 EXPECT_EQ(ERR_CONNECTION_RESET, r.status().error()); | |
6930 } | |
6931 #endif // !OS_ANDROID | |
6932 | |
6824 namespace { | 6933 namespace { |
6825 | 6934 |
6826 class SSLClientAuthTestDelegate : public TestDelegate { | 6935 class SSLClientAuthTestDelegate : public TestDelegate { |
6827 public: | 6936 public: |
6828 SSLClientAuthTestDelegate() : on_certificate_requested_count_(0) { | 6937 SSLClientAuthTestDelegate() : on_certificate_requested_count_(0) { |
6829 } | 6938 } |
6830 virtual void OnCertificateRequested( | 6939 virtual void OnCertificateRequested( |
6831 URLRequest* request, | 6940 URLRequest* request, |
6832 SSLCertRequestInfo* cert_request_info) OVERRIDE { | 6941 SSLCertRequestInfo* cert_request_info) OVERRIDE { |
6833 on_certificate_requested_count_++; | 6942 on_certificate_requested_count_++; |
(...skipping 1179 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
8013 | 8122 |
8014 EXPECT_FALSE(r.is_pending()); | 8123 EXPECT_FALSE(r.is_pending()); |
8015 EXPECT_EQ(1, d->response_started_count()); | 8124 EXPECT_EQ(1, d->response_started_count()); |
8016 EXPECT_FALSE(d->received_data_before_response()); | 8125 EXPECT_FALSE(d->received_data_before_response()); |
8017 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size)); | 8126 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size)); |
8018 } | 8127 } |
8019 } | 8128 } |
8020 #endif // !defined(DISABLE_FTP_SUPPORT) | 8129 #endif // !defined(DISABLE_FTP_SUPPORT) |
8021 | 8130 |
8022 } // namespace net | 8131 } // namespace net |
OLD | NEW |