| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_response_info.h" | 5 #include "net/http/http_response_info.h" |
| 6 | 6 |
| 7 #include "base/pickle.h" | 7 #include "base/pickle.h" |
| 8 #include "net/cert/signed_certificate_timestamp.h" | 8 #include "net/cert/signed_certificate_timestamp.h" |
| 9 #include "net/cert/signed_certificate_timestamp_and_status.h" | 9 #include "net/cert/signed_certificate_timestamp_and_status.h" |
| 10 #include "net/http/http_response_headers.h" | 10 #include "net/http/http_response_headers.h" |
| (...skipping 145 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 156 SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2, | 156 SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2, |
| 157 &response_info_.ssl_info.connection_status); | 157 &response_info_.ssl_info.connection_status); |
| 158 SSLConnectionStatusSetCipherSuite(0xffff, | 158 SSLConnectionStatusSetCipherSuite(0xffff, |
| 159 &response_info_.ssl_info.connection_status); | 159 &response_info_.ssl_info.connection_status); |
| 160 response_info_.ssl_info.key_exchange_group = 1024; | 160 response_info_.ssl_info.key_exchange_group = 1024; |
| 161 net::HttpResponseInfo restored_response_info; | 161 net::HttpResponseInfo restored_response_info; |
| 162 PickleAndRestore(response_info_, &restored_response_info); | 162 PickleAndRestore(response_info_, &restored_response_info); |
| 163 EXPECT_EQ(0, restored_response_info.ssl_info.key_exchange_group); | 163 EXPECT_EQ(0, restored_response_info.ssl_info.key_exchange_group); |
| 164 } | 164 } |
| 165 | 165 |
| 166 // Tests that cache entries loaded over SSLv3 (no longer supported) are dropped. |
| 167 TEST_F(HttpResponseInfoTest, FailsInitFromPickleWithSSLV3) { |
| 168 // A valid certificate is needed for ssl_info.is_valid() to be true. |
| 169 response_info_.ssl_info.cert = |
| 170 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem"); |
| 171 |
| 172 // Non-SSLv3 versions should succeed. |
| 173 SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2, |
| 174 &response_info_.ssl_info.connection_status); |
| 175 base::Pickle tls12_pickle; |
| 176 response_info_.Persist(&tls12_pickle, false, false); |
| 177 bool truncated = false; |
| 178 net::HttpResponseInfo restored_tls12_response_info; |
| 179 EXPECT_TRUE( |
| 180 restored_tls12_response_info.InitFromPickle(tls12_pickle, &truncated)); |
| 181 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_2, |
| 182 SSLConnectionStatusToVersion( |
| 183 restored_tls12_response_info.ssl_info.connection_status)); |
| 184 EXPECT_FALSE(truncated); |
| 185 |
| 186 // SSLv3 should fail. |
| 187 SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_SSL3, |
| 188 &response_info_.ssl_info.connection_status); |
| 189 base::Pickle ssl3_pickle; |
| 190 response_info_.Persist(&ssl3_pickle, false, false); |
| 191 net::HttpResponseInfo restored_ssl3_response_info; |
| 192 EXPECT_FALSE( |
| 193 restored_ssl3_response_info.InitFromPickle(ssl3_pickle, &truncated)); |
| 194 } |
| 195 |
| 166 } // namespace | 196 } // namespace |
| 167 | 197 |
| 168 } // namespace net | 198 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2923403002:
Drop SSLv3 cache entries (Closed)
