| Index: net/url_request/url_request_unittest.cc
|
| diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
|
| index 42a083505ef04493c2dc1e976f108ca144a4f0d9..30c475e8854734a0f2b2d4750b016fa8e4dab7ca 100644
|
| --- a/net/url_request/url_request_unittest.cc
|
| +++ b/net/url_request/url_request_unittest.cc
|
| @@ -6592,6 +6592,48 @@ TEST_F(HTTPSRequestTest, TLSv1Fallback) {
|
| EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK);
|
| }
|
|
|
| +// This test is disabled on Android because the remote test server doesn't cause
|
| +// a TCP reset.
|
| +#if !defined(OS_ANDROID)
|
| +// Tests fallback to TLS 1.1 on connection reset.
|
| +TEST_F(HTTPSRequestTest, TLSv1FallbackReset) {
|
| + // The OpenSSL library in use may not support TLS 1.1.
|
| +#if !defined(USE_OPENSSL)
|
| + EXPECT_GT(kDefaultSSLVersionMax, SSL_PROTOCOL_VERSION_TLS1);
|
| +#endif
|
| + if (kDefaultSSLVersionMax <= SSL_PROTOCOL_VERSION_TLS1)
|
| + return;
|
| +
|
| + SpawnedTestServer::SSLOptions ssl_options(
|
| + SpawnedTestServer::SSLOptions::CERT_OK);
|
| + ssl_options.tls_intolerant =
|
| + SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1;
|
| + ssl_options.tls_intolerance_type =
|
| + SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_RESET;
|
| + SpawnedTestServer test_server(
|
| + SpawnedTestServer::TYPE_HTTPS,
|
| + ssl_options,
|
| + base::FilePath(FILE_PATH_LITERAL("net/data/ssl")));
|
| + ASSERT_TRUE(test_server.Start());
|
| +
|
| + TestDelegate d;
|
| + TestURLRequestContext context(true);
|
| + context.Init();
|
| + d.set_allow_certificate_errors(true);
|
| + URLRequest r(
|
| + test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context);
|
| + r.Start();
|
| +
|
| + base::RunLoop().Run();
|
| +
|
| + EXPECT_EQ(1, d.response_started_count());
|
| + EXPECT_NE(0, d.bytes_received());
|
| + EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1),
|
| + SSLConnectionStatusToVersion(r.ssl_info().connection_status));
|
| + EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK);
|
| +}
|
| +#endif // !OS_ANDROID
|
| +
|
| // Tests that we don't fallback with servers that implement TLS_FALLBACK_SCSV.
|
| #if defined(USE_OPENSSL)
|
| TEST_F(HTTPSRequestTest, DISABLED_FallbackSCSV) {
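Review bot: The comment on TLSv1FallbackReset says the test covers fallback "to TLS 1.1", but the assertions expect `SSL_CONNECTION_VERSION_TLS1` with the fallback bit set, so it reads as a fallback from TLS 1.1 down to TLS 1.0. I would word it `// Tests fallback from TLS 1.1 to TLS 1.0 on connection reset.`. The early `return` when `kDefaultSSLVersionMax <= SSL_PROTOCOL_VERSION_TLS1` also lets the test report success on such OpenSSL builds without exercising the reset path, which deserves a comment such as `// No TLS 1.1 to fall back from; nothing is tested on this build.`. A TCP reset can be produced by a party on the network path, so this test pins a downgrade trigger and its comment should be exact about which version step is allowed.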
|
| @@ -6808,11 +6850,14 @@ TEST_F(HTTPSRequestTest, HSTSPreservesPosts) {
|
| TestLoadTimingCacheHitNoNetwork(load_timing_info);
|
| }
|
|
|
| +// Tests that the SSLv3 fallback triggers on alert.
|
| TEST_F(HTTPSRequestTest, SSLv3Fallback) {
|
| SpawnedTestServer::SSLOptions ssl_options(
|
| SpawnedTestServer::SSLOptions::CERT_OK);
|
| ssl_options.tls_intolerant =
|
| SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL;
|
| + ssl_options.tls_intolerance_type =
|
| + SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_ALERT;
|
| SpawnedTestServer test_server(
|
| SpawnedTestServer::TYPE_HTTPS,
|
| ssl_options,
|
| @@ -6836,6 +6881,70 @@ TEST_F(HTTPSRequestTest, SSLv3Fallback) {
|
| EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK);
|
| }
|
|
|
| +// Tests that the SSLv3 fallback triggers on closed connections.
|
| +TEST_F(HTTPSRequestTest, SSLv3FallbackClosed) {
|
| + SpawnedTestServer::SSLOptions ssl_options(
|
| + SpawnedTestServer::SSLOptions::CERT_OK);
|
| + ssl_options.tls_intolerant =
|
| + SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL;
|
| + ssl_options.tls_intolerance_type =
|
| + SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE;
|
| + SpawnedTestServer test_server(
|
| + SpawnedTestServer::TYPE_HTTPS,
|
| + ssl_options,
|
| + base::FilePath(FILE_PATH_LITERAL("net/data/ssl")));
|
| + ASSERT_TRUE(test_server.Start());
|
| +
|
| + TestDelegate d;
|
| + TestURLRequestContext context(true);
|
| + context.Init();
|
| + d.set_allow_certificate_errors(true);
|
| + URLRequest r(
|
| + test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context);
|
| + r.Start();
|
| +
|
| + base::RunLoop().Run();
|
| +
|
| + EXPECT_EQ(1, d.response_started_count());
|
| + EXPECT_NE(0, d.bytes_received());
|
| + EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_SSL3),
|
| + SSLConnectionStatusToVersion(r.ssl_info().connection_status));
|
| + EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK);
|
| +}
|
| +
|
| +// This test is disabled on Android because the remote test server doesn't cause
|
| +// a TCP reset.
|
| +#if !defined(OS_ANDROID)
|
| +// Tests that a reset connection does not fallback down to SSL3.
|
| +TEST_F(HTTPSRequestTest, SSLv3NoFallbackReset) {
|
| + SpawnedTestServer::SSLOptions ssl_options(
|
| + SpawnedTestServer::SSLOptions::CERT_OK);
|
| + ssl_options.tls_intolerant =
|
| + SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL;
|
| + ssl_options.tls_intolerance_type =
|
| + SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_RESET;
|
| + SpawnedTestServer test_server(
|
| + SpawnedTestServer::TYPE_HTTPS,
|
| + ssl_options,
|
| + base::FilePath(FILE_PATH_LITERAL("net/data/ssl")));
|
| + ASSERT_TRUE(test_server.Start());
|
| +
|
| + TestDelegate d;
|
| + TestURLRequestContext context(true);
|
| + context.Init();
|
| + d.set_allow_certificate_errors(true);
|
| + URLRequest r(
|
| + test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context);
|
| + r.Start();
|
| +
|
| + base::RunLoop().Run();
|
| +
|
| + EXPECT_FALSE(r.status().is_success());
|
| + EXPECT_EQ(URLRequestStatus::FAILED, r.status().status());
|
| + EXPECT_EQ(ERR_CONNECTION_RESET, r.status().error());
|
| +}
|
| +#endif // !OS_ANDROID
|
| +
|
| namespace {
|
|
|
| class SSLClientAuthTestDelegate : public TestDelegate {
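Review bot: SSLv3NoFallbackReset and TLSv1FallbackReset (first hunk) together encode a policy that none of the comments state: a reset is accepted as a fallback signal down to TLS 1.0 but not down to SSL 3.0, while SSLv3FallbackClosed still allows the SSL 3.0 step on a closed connection. I would extend the comment above SSLv3NoFallbackReset to something like `// A reset may trigger fallback to TLS 1.0 (see TLSv1FallbackReset) but must not reach SSL 3.0; the request fails with ERR_CONNECTION_RESET instead.`, so a later change does not "fix" the asymmetry by accident. The negative test would be tighter with `EXPECT_EQ(0, d.bytes_received());` next to the status checks. The new tests also repeat the same server and request setup and differ only in the two `ssl_options` fields and the expectations, so a small helper taking those fields would keep future intolerance cases from drifting apart.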
|
|
|