OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "build/build_config.h" | 5 #include "build/build_config.h" |
6 | 6 |
7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
8 #include <windows.h> | 8 #include <windows.h> |
9 #include <shlobj.h> | 9 #include <shlobj.h> |
10 #endif | 10 #endif |
(...skipping 6574 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6585 | 6585 |
6586 base::RunLoop().Run(); | 6586 base::RunLoop().Run(); |
6587 | 6587 |
6588 EXPECT_EQ(1, d.response_started_count()); | 6588 EXPECT_EQ(1, d.response_started_count()); |
6589 EXPECT_NE(0, d.bytes_received()); | 6589 EXPECT_NE(0, d.bytes_received()); |
6590 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1), | 6590 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1), |
6591 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); | 6591 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); |
6592 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); | 6592 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); |
6593 } | 6593 } |
6594 | 6594 |
| 6595 // This test is disabled on Android because the remote test server doesn't cause |
| 6596 // a TCP reset. |
| 6597 #if !defined(OS_ANDROID) |
| 6598 // Tests fallback to TLS 1.1 on connection reset. |
| 6599 TEST_F(HTTPSRequestTest, TLSv1FallbackReset) { |
| 6600 // The OpenSSL library in use may not support TLS 1.1. |
| 6601 #if !defined(USE_OPENSSL) |
| 6602 EXPECT_GT(kDefaultSSLVersionMax, SSL_PROTOCOL_VERSION_TLS1); |
| 6603 #endif |
| 6604 if (kDefaultSSLVersionMax <= SSL_PROTOCOL_VERSION_TLS1) |
| 6605 return; |
| 6606 |
| 6607 SpawnedTestServer::SSLOptions ssl_options( |
| 6608 SpawnedTestServer::SSLOptions::CERT_OK); |
| 6609 ssl_options.tls_intolerant = |
| 6610 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1; |
| 6611 ssl_options.tls_intolerance_type = |
| 6612 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_RESET; |
| 6613 SpawnedTestServer test_server( |
| 6614 SpawnedTestServer::TYPE_HTTPS, |
| 6615 ssl_options, |
| 6616 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
| 6617 ASSERT_TRUE(test_server.Start()); |
| 6618 |
| 6619 TestDelegate d; |
| 6620 TestURLRequestContext context(true); |
| 6621 context.Init(); |
| 6622 d.set_allow_certificate_errors(true); |
| 6623 URLRequest r( |
| 6624 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); |
| 6625 r.Start(); |
| 6626 |
| 6627 base::RunLoop().Run(); |
| 6628 |
| 6629 EXPECT_EQ(1, d.response_started_count()); |
| 6630 EXPECT_NE(0, d.bytes_received()); |
| 6631 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1), |
| 6632 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); |
| 6633 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); |
| 6634 } |
| 6635 #endif // !OS_ANDROID |
| 6636 |
6595 // Tests that we don't fallback with servers that implement TLS_FALLBACK_SCSV. | 6637 // Tests that we don't fallback with servers that implement TLS_FALLBACK_SCSV. |
6596 #if defined(USE_OPENSSL) | 6638 #if defined(USE_OPENSSL) |
6597 TEST_F(HTTPSRequestTest, DISABLED_FallbackSCSV) { | 6639 TEST_F(HTTPSRequestTest, DISABLED_FallbackSCSV) { |
6598 #else | 6640 #else |
6599 TEST_F(HTTPSRequestTest, FallbackSCSV) { | 6641 TEST_F(HTTPSRequestTest, FallbackSCSV) { |
6600 #endif | 6642 #endif |
6601 SpawnedTestServer::SSLOptions ssl_options( | 6643 SpawnedTestServer::SSLOptions ssl_options( |
6602 SpawnedTestServer::SSLOptions::CERT_OK); | 6644 SpawnedTestServer::SSLOptions::CERT_OK); |
6603 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger | 6645 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger |
6604 // a version fallback. | 6646 // a version fallback. |
(...skipping 196 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6801 EXPECT_EQ("https", req.url().scheme()); | 6843 EXPECT_EQ("https", req.url().scheme()); |
6802 EXPECT_EQ("POST", req.method()); | 6844 EXPECT_EQ("POST", req.method()); |
6803 EXPECT_EQ(kData, d.data_received()); | 6845 EXPECT_EQ(kData, d.data_received()); |
6804 | 6846 |
6805 LoadTimingInfo load_timing_info; | 6847 LoadTimingInfo load_timing_info; |
6806 network_delegate.GetLoadTimingInfoBeforeRedirect(&load_timing_info); | 6848 network_delegate.GetLoadTimingInfoBeforeRedirect(&load_timing_info); |
6807 // LoadTimingInfo of HSTS redirects is similar to that of network cache hits | 6849 // LoadTimingInfo of HSTS redirects is similar to that of network cache hits |
6808 TestLoadTimingCacheHitNoNetwork(load_timing_info); | 6850 TestLoadTimingCacheHitNoNetwork(load_timing_info); |
6809 } | 6851 } |
6810 | 6852 |
| 6853 // Tests that the SSLv3 fallback triggers on alert. |
6811 TEST_F(HTTPSRequestTest, SSLv3Fallback) { | 6854 TEST_F(HTTPSRequestTest, SSLv3Fallback) { |
6812 SpawnedTestServer::SSLOptions ssl_options( | 6855 SpawnedTestServer::SSLOptions ssl_options( |
6813 SpawnedTestServer::SSLOptions::CERT_OK); | 6856 SpawnedTestServer::SSLOptions::CERT_OK); |
6814 ssl_options.tls_intolerant = | 6857 ssl_options.tls_intolerant = |
6815 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; | 6858 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; |
| 6859 ssl_options.tls_intolerance_type = |
| 6860 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_ALERT; |
6816 SpawnedTestServer test_server( | 6861 SpawnedTestServer test_server( |
6817 SpawnedTestServer::TYPE_HTTPS, | 6862 SpawnedTestServer::TYPE_HTTPS, |
6818 ssl_options, | 6863 ssl_options, |
6819 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | 6864 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
6820 ASSERT_TRUE(test_server.Start()); | 6865 ASSERT_TRUE(test_server.Start()); |
6821 | 6866 |
6822 TestDelegate d; | 6867 TestDelegate d; |
6823 TestURLRequestContext context(true); | 6868 TestURLRequestContext context(true); |
6824 context.Init(); | 6869 context.Init(); |
6825 d.set_allow_certificate_errors(true); | 6870 d.set_allow_certificate_errors(true); |
6826 URLRequest r( | 6871 URLRequest r( |
6827 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); | 6872 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); |
6828 r.Start(); | 6873 r.Start(); |
6829 | 6874 |
6830 base::RunLoop().Run(); | 6875 base::RunLoop().Run(); |
6831 | 6876 |
6832 EXPECT_EQ(1, d.response_started_count()); | 6877 EXPECT_EQ(1, d.response_started_count()); |
6833 EXPECT_NE(0, d.bytes_received()); | 6878 EXPECT_NE(0, d.bytes_received()); |
6834 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_SSL3), | 6879 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_SSL3), |
6835 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); | 6880 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); |
6836 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); | 6881 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); |
6837 } | 6882 } |
6838 | 6883 |
| 6884 // Tests that the SSLv3 fallback triggers on closed connections. |
| 6885 TEST_F(HTTPSRequestTest, SSLv3FallbackClosed) { |
| 6886 SpawnedTestServer::SSLOptions ssl_options( |
| 6887 SpawnedTestServer::SSLOptions::CERT_OK); |
| 6888 ssl_options.tls_intolerant = |
| 6889 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; |
| 6890 ssl_options.tls_intolerance_type = |
| 6891 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE; |
| 6892 SpawnedTestServer test_server( |
| 6893 SpawnedTestServer::TYPE_HTTPS, |
| 6894 ssl_options, |
| 6895 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
| 6896 ASSERT_TRUE(test_server.Start()); |
| 6897 |
| 6898 TestDelegate d; |
| 6899 TestURLRequestContext context(true); |
| 6900 context.Init(); |
| 6901 d.set_allow_certificate_errors(true); |
| 6902 URLRequest r( |
| 6903 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); |
| 6904 r.Start(); |
| 6905 |
| 6906 base::RunLoop().Run(); |
| 6907 |
| 6908 EXPECT_EQ(1, d.response_started_count()); |
| 6909 EXPECT_NE(0, d.bytes_received()); |
| 6910 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_SSL3), |
| 6911 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); |
| 6912 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); |
| 6913 } |
| 6914 |
| 6915 // This test is disabled on Android because the remote test server doesn't cause |
| 6916 // a TCP reset. |
| 6917 #if !defined(OS_ANDROID) |
| 6918 // Tests that a reset connection does not fallback down to SSL3. |
| 6919 TEST_F(HTTPSRequestTest, SSLv3NoFallbackReset) { |
| 6920 SpawnedTestServer::SSLOptions ssl_options( |
| 6921 SpawnedTestServer::SSLOptions::CERT_OK); |
| 6922 ssl_options.tls_intolerant = |
| 6923 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; |
| 6924 ssl_options.tls_intolerance_type = |
| 6925 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_RESET; |
| 6926 SpawnedTestServer test_server( |
| 6927 SpawnedTestServer::TYPE_HTTPS, |
| 6928 ssl_options, |
| 6929 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
| 6930 ASSERT_TRUE(test_server.Start()); |
| 6931 |
| 6932 TestDelegate d; |
| 6933 TestURLRequestContext context(true); |
| 6934 context.Init(); |
| 6935 d.set_allow_certificate_errors(true); |
| 6936 URLRequest r( |
| 6937 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); |
| 6938 r.Start(); |
| 6939 |
| 6940 base::RunLoop().Run(); |
| 6941 |
| 6942 EXPECT_FALSE(r.status().is_success()); |
| 6943 EXPECT_EQ(URLRequestStatus::FAILED, r.status().status()); |
| 6944 EXPECT_EQ(ERR_CONNECTION_RESET, r.status().error()); |
| 6945 } |
| 6946 #endif // !OS_ANDROID |
| 6947 |
6839 namespace { | 6948 namespace { |
6840 | 6949 |
6841 class SSLClientAuthTestDelegate : public TestDelegate { | 6950 class SSLClientAuthTestDelegate : public TestDelegate { |
6842 public: | 6951 public: |
6843 SSLClientAuthTestDelegate() : on_certificate_requested_count_(0) { | 6952 SSLClientAuthTestDelegate() : on_certificate_requested_count_(0) { |
6844 } | 6953 } |
6845 virtual void OnCertificateRequested( | 6954 virtual void OnCertificateRequested( |
6846 URLRequest* request, | 6955 URLRequest* request, |
6847 SSLCertRequestInfo* cert_request_info) OVERRIDE { | 6956 SSLCertRequestInfo* cert_request_info) OVERRIDE { |
6848 on_certificate_requested_count_++; | 6957 on_certificate_requested_count_++; |
(...skipping 1179 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
8028 | 8137 |
8029 EXPECT_FALSE(r.is_pending()); | 8138 EXPECT_FALSE(r.is_pending()); |
8030 EXPECT_EQ(1, d->response_started_count()); | 8139 EXPECT_EQ(1, d->response_started_count()); |
8031 EXPECT_FALSE(d->received_data_before_response()); | 8140 EXPECT_FALSE(d->received_data_before_response()); |
8032 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size)); | 8141 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size)); |
8033 } | 8142 } |
8034 } | 8143 } |
8035 #endif // !defined(DISABLE_FTP_SUPPORT) | 8144 #endif // !defined(DISABLE_FTP_SUPPORT) |
8036 | 8145 |
8037 } // namespace net | 8146 } // namespace net |
OLD | NEW |