Index: net/spdy/chromium/spdy_session_unittest.cc |
diff --git a/net/spdy/chromium/spdy_session_unittest.cc b/net/spdy/chromium/spdy_session_unittest.cc |
index 57bfa214e1010e232bae6f905a18afe32b0f58f3..6b0b2b093414503457db58255af3e9cf727022f6 100644 |
--- a/net/spdy/chromium/spdy_session_unittest.cc |
+++ b/net/spdy/chromium/spdy_session_unittest.cc |
@@ -5945,6 +5945,36 @@ TEST(CanPoolTest, CanPool) { |
&tss, ssl_info, "www.example.org", "mail.google.com")); |
} |
+TEST(CanPoolTest, CanPoolExpectCT) { |
+ base::test::ScopedFeatureList feature_list; |
+ feature_list.InitAndEnableFeature( |
+ TransportSecurityState::kDynamicExpectCTFeature); |
+ // Load a cert that is valid for: |
+ // www.example.org |
+ // mail.example.org |
+ // mail.example.com |
+ |
+ TransportSecurityState tss; |
+ SSLInfo ssl_info; |
+ ssl_info.cert = |
+ ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem"); |
+ ssl_info.unverified_cert = ssl_info.cert; |
+ ssl_info.ct_cert_policy_compliance = |
+ ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS; |
+ ssl_info.is_issued_by_known_root = true; |
+ |
+ EXPECT_TRUE(SpdySession::CanPool(&tss, ssl_info, "www.example.org", |
+ "www.example.org")); |
+ |
+ const base::Time current_time(base::Time::Now()); |
+ const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
+ tss.AddExpectCT("www.example.org", expiry, true, GURL()); |
+ ssl_info.ct_cert_policy_compliance = |
+ ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS; |
+ EXPECT_FALSE(SpdySession::CanPool(&tss, ssl_info, "www.example.org", |
+ "www.example.org")); |
mattm
2017/05/02 23:32:52
use different hostnames so that the test verifies
estark
2017/05/04 01:18:30
Done.
|
+} |
+ |
TEST(CanPoolTest, CanNotPoolWithCertErrors) { |
// Load a cert that is valid for: |
// www.example.org |