| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include "base/callback_helpers.h" | 7 #include "base/callback_helpers.h" |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
| 10 #include "net/base/address_list.h" | 10 #include "net/base/address_list.h" |
| (...skipping 569 matching lines...) | |
| 580 base::Time delete_end, | 580 base::Time delete_end, |
| 581 const base::Closure& completion_callback) | 581 const base::Closure& completion_callback) |
| 582 OVERRIDE {} | 582 OVERRIDE {} |
| 583 virtual void DeleteAll(const base::Closure& completion_callback) OVERRIDE {} | 583 virtual void DeleteAll(const base::Closure& completion_callback) OVERRIDE {} |
| 584 virtual void GetAllServerBoundCerts(const GetCertListCallback& callback) | 584 virtual void GetAllServerBoundCerts(const GetCertListCallback& callback) |
| 585 OVERRIDE {} | 585 OVERRIDE {} |
| 586 virtual int GetCertCount() OVERRIDE { return 0; } | 586 virtual int GetCertCount() OVERRIDE { return 0; } |
| 587 virtual void SetForceKeepSessionState() OVERRIDE {} | 587 virtual void SetForceKeepSessionState() OVERRIDE {} |
| 588 }; | 588 }; |
| 589 | 589 |
| 590 // A ServerBoundCertStore that asynchronously returns an error when asked for a | |
| 591 // certificate. | |
| 592 class AsyncFailingServerBoundCertStore : public ServerBoundCertStore { | |
| 593 virtual int GetServerBoundCert(const std::string& server_identifier, | |
| 594 base::Time* expiration_time, | |
| 595 std::string* private_key_result, | |
| 596 std::string* cert_result, | |
| 597 const GetCertCallback& callback) OVERRIDE { | |
| 598 base::MessageLoop::current()->PostTask( | |
| 599 FROM_HERE, base::Bind(callback, ERR_UNEXPECTED, | |
| 600 server_identifier, base::Time(), "", "")); | |
| 601 return ERR_IO_PENDING; | |
| 602 } | |
| 603 virtual void SetServerBoundCert(const std::string& server_identifier, | |
| 604 base::Time creation_time, | |
| 605 base::Time expiration_time, | |
| 606 const std::string& private_key, | |
| 607 const std::string& cert) OVERRIDE {} | |
| 608 virtual void DeleteServerBoundCert(const std::string& server_identifier, | |
| 609 const base::Closure& completion_callback) | |
| 610 OVERRIDE {} | |
| 611 virtual void DeleteAllCreatedBetween(base::Time delete_begin, | |
| 612 base::Time delete_end, | |
| 613 const base::Closure& completion_callback) | |
| 614 OVERRIDE {} | |
| 615 virtual void DeleteAll(const base::Closure& completion_callback) OVERRIDE {} | |
| 616 virtual void GetAllServerBoundCerts(const GetCertListCallback& callback) | |
| 617 OVERRIDE {} | |
| 618 virtual int GetCertCount() OVERRIDE { return 0; } | |
| 619 virtual void SetForceKeepSessionState() OVERRIDE {} | |
| 620 }; | |
| 621 | |
| 590 class SSLClientSocketTest : public PlatformTest { | 622 class SSLClientSocketTest : public PlatformTest { |
| 591 public: | 623 public: |
| 592 SSLClientSocketTest() | 624 SSLClientSocketTest() |
| 593 : socket_factory_(ClientSocketFactory::GetDefaultFactory()), | 625 : socket_factory_(ClientSocketFactory::GetDefaultFactory()), |
| 594 cert_verifier_(new MockCertVerifier), | 626 cert_verifier_(new MockCertVerifier), |
| 595 transport_security_state_(new TransportSecurityState) { | 627 transport_security_state_(new TransportSecurityState) { |
| 596 cert_verifier_->set_default_result(OK); | 628 cert_verifier_->set_default_result(OK); |
| 597 context_.cert_verifier = cert_verifier_.get(); | 629 context_.cert_verifier = cert_verifier_.get(); |
| 598 context_.transport_security_state = transport_security_state_.get(); | 630 context_.transport_security_state = transport_security_state_.get(); |
| 599 } | 631 } |
| (...skipping 244 matching lines...) | |
| 844 base::MessageLoopProxy::current())); | 876 base::MessageLoopProxy::current())); |
| 845 context_.server_bound_cert_service = cert_service_.get(); | 877 context_.server_bound_cert_service = cert_service_.get(); |
| 846 } | 878 } |
| 847 | 879 |
| 848 void EnableFailingChannelID() { | 880 void EnableFailingChannelID() { |
| 849 cert_service_.reset(new ServerBoundCertService( | 881 cert_service_.reset(new ServerBoundCertService( |
| 850 new FailingServerBoundCertStore(), base::MessageLoopProxy::current())); | 882 new FailingServerBoundCertStore(), base::MessageLoopProxy::current())); |
| 851 context_.server_bound_cert_service = cert_service_.get(); | 883 context_.server_bound_cert_service = cert_service_.get(); |
| 852 } | 884 } |
| 853 | 885 |
| 886 void EnableAsyncFailingChannelID() { | |
| 887 cert_service_.reset(new ServerBoundCertService( | |
| 888 new AsyncFailingServerBoundCertStore(), | |
| 889 base::MessageLoopProxy::current())); | |
| 890 context_.server_bound_cert_service = cert_service_.get(); | |
| 891 } | |
| 892 | |
| 854 private: | 893 private: |
| 855 scoped_ptr<ServerBoundCertService> cert_service_; | 894 scoped_ptr<ServerBoundCertService> cert_service_; |
| 856 }; | 895 }; |
| 857 | 896 |
| 858 //----------------------------------------------------------------------------- | 897 //----------------------------------------------------------------------------- |
| 859 | 898 |
| 860 // LogContainsSSLConnectEndEvent returns true if the given index in the given | 899 // LogContainsSSLConnectEndEvent returns true if the given index in the given |
| 861 // log is an SSL connect end event. The NSS sockets will cork in an attempt to | 900 // log is an SSL connect end event. The NSS sockets will cork in an attempt to |
| 862 // merge the first application data record with the Finished message when false | 901 // merge the first application data record with the Finished message when false |
| 863 // starting. However, in order to avoid the server timing out the handshake, | 902 // starting. However, in order to avoid the server timing out the handshake, |
| (...skipping 1745 matching lines...) | |
| 2609 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2648 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2610 | 2649 |
| 2611 EXPECT_EQ(OK, rv); | 2650 EXPECT_EQ(OK, rv); |
| 2612 EXPECT_TRUE(sock_->IsConnected()); | 2651 EXPECT_TRUE(sock_->IsConnected()); |
| 2613 EXPECT_TRUE(sock_->WasChannelIDSent()); | 2652 EXPECT_TRUE(sock_->WasChannelIDSent()); |
| 2614 | 2653 |
| 2615 sock_->Disconnect(); | 2654 sock_->Disconnect(); |
| 2616 EXPECT_FALSE(sock_->IsConnected()); | 2655 EXPECT_FALSE(sock_->IsConnected()); |
| 2617 } | 2656 } |
| 2618 | 2657 |
| 2619 // Connect to a server using channel id but without sending a key. It should | 2658 // Connect to a server using channel id but failing to query the store. It |
|
wtc
2014/06/19 22:00:11
Nit: "failing to query the store" sounds like we d
davidben
2014/06/19 22:36:38
Done.
| |
| 2620 // fail. | 2659 // should fail. |
| 2621 TEST_F(SSLClientSocketChannelIDTest, FailingChannelID) { | 2660 TEST_F(SSLClientSocketChannelIDTest, FailingChannelID) { |
| 2622 SpawnedTestServer::SSLOptions ssl_options; | 2661 SpawnedTestServer::SSLOptions ssl_options; |
| 2623 | 2662 |
| 2624 ASSERT_TRUE(ConnectToTestServer(ssl_options)); | 2663 ASSERT_TRUE(ConnectToTestServer(ssl_options)); |
| 2625 | 2664 |
| 2626 EnableFailingChannelID(); | 2665 EnableFailingChannelID(); |
| 2627 SSLConfig ssl_config = kDefaultSSLConfig; | 2666 SSLConfig ssl_config = kDefaultSSLConfig; |
| 2628 ssl_config.channel_id_enabled = true; | 2667 ssl_config.channel_id_enabled = true; |
| 2629 | 2668 |
| 2630 int rv; | 2669 int rv; |
| 2631 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2670 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2632 | 2671 |
| 2633 // TODO(haavardm@opera.com): Due to differences in threading, Linux returns | 2672 // TODO(haavardm@opera.com): Due to differences in threading, Linux returns |
| 2634 // ERR_UNEXPECTED while Mac and Windows return ERR_PROTOCOL_ERROR. Accept all | 2673 // ERR_UNEXPECTED while Mac and Windows return ERR_PROTOCOL_ERROR. Accept all |
| 2635 // error codes for now. | 2674 // error codes for now. |
| 2636 // http://crbug.com/373670 | 2675 // http://crbug.com/373670 |
| 2637 EXPECT_NE(OK, rv); | 2676 EXPECT_NE(OK, rv); |
| 2638 EXPECT_FALSE(sock_->IsConnected()); | 2677 EXPECT_FALSE(sock_->IsConnected()); |
| 2639 } | 2678 } |
| 2640 | 2679 |
| 2680 // Connect to a server using channel id but asynchronously failing to query the | |
| 2681 // store. It should fail. | |
| 2682 TEST_F(SSLClientSocketChannelIDTest, FailingChannelIDAsync) { | |
| 2683 SpawnedTestServer::SSLOptions ssl_options; | |
| 2684 | |
| 2685 ASSERT_TRUE(ConnectToTestServer(ssl_options)); | |
| 2686 | |
| 2687 EnableAsyncFailingChannelID(); | |
| 2688 SSLConfig ssl_config = kDefaultSSLConfig; | |
| 2689 ssl_config.channel_id_enabled = true; | |
| 2690 | |
| 2691 int rv; | |
| 2692 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2693 | |
| 2694 EXPECT_EQ(ERR_UNEXPECTED, rv); | |
| 2695 EXPECT_FALSE(sock_->IsConnected()); | |
| 2696 } | |
| 2697 | |
| 2641 } // namespace net | 2698 } // namespace net |
| OLD | NEW |
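Review bot: In the new FailingChannelIDAsync test, `EXPECT_EQ(ERR_UNEXPECTED, rv);` pins one exact error code, while the sibling FailingChannelID test carries a TODO (crbug.com/373670) saying the code differs by platform and therefore asserts only `EXPECT_NE(OK, rv);`. If the asynchronous path is deterministic because the store's posted callback error is surfaced unchanged, a comment above the assertion should say so, for example `// The async store error is propagated as-is on every platform, unlike the synchronous case.`; if that is not guaranteed, the exact match may be flaky on Mac and Windows. The property that matters here is that a failed Channel ID lookup aborts the handshake instead of silently connecting without a Channel ID, so `EXPECT_FALSE(sock_->WasChannelIDSent());` after the two existing expectations could make that fail-closed behaviour explicit. Separately, AsyncFailingServerBoundCertStore has no `public:` specifier, so its overrides are private; this works through the base-class pointer, but whether it matches FailingServerBoundCertStore cannot be checked because that class's header is in the skipped lines.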