Preserve transport errors for OpenSSL sockets.

net/url_request/url_request_unittest.cc

Index: net/url_request/url_request_unittest.cc
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index 851dc4b5f55c0ffe9e7fbc4caba7075c00e8f7b2..030a930c90a08be5911d109a08cef96ffd1452b3 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -6577,6 +6577,43 @@ TEST_F(HTTPSRequestTest, TLSv1Fallback) {
   EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK);
 }
 
+// Tests fallback to TLS 1.1 on connection reset.
+TEST_F(HTTPSRequestTest, TLSv1FallbackReset) {
+  // The OpenSSL library in use may not support TLS 1.1.
+#if !defined(USE_OPENSSL)
+  EXPECT_GT(kDefaultSSLVersionMax, SSL_PROTOCOL_VERSION_TLS1);
+#endif
+  if (kDefaultSSLVersionMax <= SSL_PROTOCOL_VERSION_TLS1)
+    return;
+
+  SpawnedTestServer::SSLOptions ssl_options(
+      SpawnedTestServer::SSLOptions::CERT_OK);
+  ssl_options.tls_intolerant =
+      SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1;
+  ssl_options.reset_on_intolerance = true;
+  SpawnedTestServer test_server(
+      SpawnedTestServer::TYPE_HTTPS,
+      ssl_options,
+      base::FilePath(FILE_PATH_LITERAL("net/data/ssl")));
+  ASSERT_TRUE(test_server.Start());
+
+  TestDelegate d;
+  TestURLRequestContext context(true);
+  context.Init();
+  d.set_allow_certificate_errors(true);
+  URLRequest r(
+      test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context);
+  r.Start();
+
+  base::RunLoop().Run();
+
+  EXPECT_EQ(1, d.response_started_count());
+  EXPECT_NE(0, d.bytes_received());
+  EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1),
+            SSLConnectionStatusToVersion(r.ssl_info().connection_status));
+  EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK);
+}
+
 // Tests that we don't fallback with servers that implement TLS_FALLBACK_SCSV.
 #if defined(USE_OPENSSL)
 TEST_F(HTTPSRequestTest, DISABLED_FallbackSCSV) {
@@ -6821,6 +6858,34 @@ TEST_F(HTTPSRequestTest, SSLv3Fallback) {
   EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK);
 }
 
+// Tests that a reset connection does not fallback down to SSL3.
+TEST_F(HTTPSRequestTest, SSLv3NoFallbackReset) {
+  SpawnedTestServer::SSLOptions ssl_options(
+      SpawnedTestServer::SSLOptions::CERT_OK);
+  ssl_options.tls_intolerant =
+      SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL;
+  ssl_options.reset_on_intolerance = true;
+  SpawnedTestServer test_server(
+      SpawnedTestServer::TYPE_HTTPS,
+      ssl_options,
+      base::FilePath(FILE_PATH_LITERAL("net/data/ssl")));
+  ASSERT_TRUE(test_server.Start());
+
+  TestDelegate d;
+  TestURLRequestContext context(true);
+  context.Init();
+  d.set_allow_certificate_errors(true);
+  URLRequest r(
+      test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context);
+  r.Start();
+
+  base::RunLoop().Run();
+
+  EXPECT_FALSE(r.status().is_success());
+  EXPECT_EQ(URLRequestStatus::FAILED, r.status().status());
+  EXPECT_EQ(ERR_CONNECTION_RESET, r.status().error());
+}
+
 namespace {
 
 class SSLClientAuthTestDelegate : public TestDelegate {