| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| 2783 ssl_options.key_exchanges = | 2783 ssl_options.key_exchanges = |
| 2784 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2784 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| 2785 ASSERT_TRUE(StartTestServer(ssl_options)); | 2785 ASSERT_TRUE(StartTestServer(ssl_options)); |
| 2786 | 2786 |
| 2787 SSLConfig ssl_config; | 2787 SSLConfig ssl_config; |
| 2788 int rv; | 2788 int rv; |
| 2789 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2789 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2790 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH)); | 2790 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH)); |
| 2791 } | 2791 } |
| 2792 | 2792 |
| 2793 // Tests that enabling deprecated ciphers shards the session cache. | |
| 2794 TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) { | |
| 2795 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); | |
| 2796 | |
| 2797 // Prepare a normal and deprecated SSL config. | |
| 2798 SSLConfig ssl_config; | |
| 2799 SSLConfig deprecated_ssl_config; | |
| 2800 deprecated_ssl_config.deprecated_cipher_suites_enabled = true; | |
| 2801 | |
| 2802 // Connect with deprecated ciphers enabled to warm the session cache cache. | |
| 2803 int rv; | |
| 2804 ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv)); | |
| 2805 EXPECT_THAT(rv, IsOk()); | |
| 2806 SSLInfo ssl_info; | |
| 2807 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | |
| 2808 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | |
| 2809 | |
| 2810 // Test that re-connecting with deprecated ciphers enabled still resumes. | |
| 2811 ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv)); | |
| 2812 EXPECT_THAT(rv, IsOk()); | |
| 2813 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | |
| 2814 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); | |
| 2815 | |
| 2816 // However, a normal connection needs a full handshake. | |
| 2817 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2818 EXPECT_THAT(rv, IsOk()); | |
| 2819 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | |
| 2820 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | |
| 2821 | |
| 2822 // Clear the session cache for the inverse test. | |
| 2823 SSLClientSocket::ClearSessionCache(); | |
| 2824 | |
| 2825 // Now make a normal connection to prime the session cache. | |
| 2826 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2827 EXPECT_THAT(rv, IsOk()); | |
| 2828 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | |
| 2829 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | |
| 2830 | |
| 2831 // A normal connection should be able to resume. | |
| 2832 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2833 EXPECT_THAT(rv, IsOk()); | |
| 2834 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | |
| 2835 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); | |
| 2836 | |
| 2837 // However, enabling deprecated ciphers connects fresh. | |
| 2838 ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv)); | |
| 2839 EXPECT_THAT(rv, IsOk()); | |
| 2840 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | |
| 2841 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | |
| 2842 } | |
| 2843 | |
| 2844 // Tests that the version_interference_probe option rejects successful | 2793 // Tests that the version_interference_probe option rejects successful |
| 2845 // connections and passes errors through. | 2794 // connections and passes errors through. |
| 2846 TEST_F(SSLClientSocketTest, VersionInterferenceProbe) { | 2795 TEST_F(SSLClientSocketTest, VersionInterferenceProbe) { |
| 2847 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); | 2796 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); |
| 2848 | 2797 |
| 2849 SSLConfig ssl_config; | 2798 SSLConfig ssl_config; |
| 2850 ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2; | 2799 ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2; |
| 2851 ssl_config.version_interference_probe = true; | 2800 ssl_config.version_interference_probe = true; |
| 2852 | 2801 |
| 2853 // Successful connections map to a dedicated error. | 2802 // Successful connections map to a dedicated error. |
| 3910 // The read buffer should be released. | 3859 // The read buffer should be released. |
| 3911 StreamSocket::SocketMemoryStats stats; | 3860 StreamSocket::SocketMemoryStats stats; |
| 3912 client->DumpMemoryStats(&stats); | 3861 client->DumpMemoryStats(&stats); |
| 3913 EXPECT_EQ(0u, stats.buffer_size); | 3862 EXPECT_EQ(0u, stats.buffer_size); |
| 3914 EXPECT_EQ(1u, stats.cert_count); | 3863 EXPECT_EQ(1u, stats.cert_count); |
| 3915 EXPECT_LT(0u, stats.cert_size); | 3864 EXPECT_LT(0u, stats.cert_size); |
| 3916 EXPECT_EQ(stats.cert_size, stats.total_size); | 3865 EXPECT_EQ(stats.cert_size, stats.total_size); |
| 3917 } | 3866 } |
| 3918 | 3867 |
| 3919 } // namespace net | 3868 } // namespace net |