OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "build/build_config.h" | 5 #include "build/build_config.h" |
6 | 6 |
7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
8 #include <windows.h> | 8 #include <windows.h> |
9 #include <shlobj.h> | 9 #include <shlobj.h> |
10 #endif | 10 #endif |
(...skipping 6574 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
6585 | 6585 |
6586 base::RunLoop().Run(); | 6586 base::RunLoop().Run(); |
6587 | 6587 |
6588 EXPECT_EQ(1, d.response_started_count()); | 6588 EXPECT_EQ(1, d.response_started_count()); |
6589 EXPECT_NE(0, d.bytes_received()); | 6589 EXPECT_NE(0, d.bytes_received()); |
6590 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1), | 6590 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1), |
6591 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); | 6591 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); |
6592 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); | 6592 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); |
6593 } | 6593 } |
6594 | 6594 |
6595 // This test is disabled on Android because the remote test server doesn't cause | |
6596 // a TCP reset. | |
6597 #if !defined(OS_ANDROID) | |
6598 // Tests fallback to TLS 1.0 on connection reset. | |
6599 TEST_F(HTTPSRequestTest, TLSv1FallbackReset) { | |
6600 // The OpenSSL library in use may not support TLS 1.1. | |
6601 #if !defined(USE_OPENSSL) | |
wtc
2014/06/24 21:33:29
I think we should delete this check now. Please al
davidben
2014/06/25 21:19:56
Good idea. We don't support building against old O
| |
6602 EXPECT_GT(kDefaultSSLVersionMax, SSL_PROTOCOL_VERSION_TLS1); | |
6603 #endif | |
6604 if (kDefaultSSLVersionMax <= SSL_PROTOCOL_VERSION_TLS1) | |
6605 return; | |
6606 | |
6607 SpawnedTestServer::SSLOptions ssl_options( | |
6608 SpawnedTestServer::SSLOptions::CERT_OK); | |
6609 ssl_options.tls_intolerant = | |
6610 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1; | |
6611 ssl_options.tls_intolerance_type = | |
6612 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_RESET; | |
wtc
2014/06/24 21:33:29
Rather than duplicating the code of TLSv1Fallback,
davidben
2014/06/25 21:19:56
I moved it to a fixture but didn't use INSTANTIATE
| |
6613 SpawnedTestServer test_server( | |
6614 SpawnedTestServer::TYPE_HTTPS, | |
6615 ssl_options, | |
6616 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | |
6617 ASSERT_TRUE(test_server.Start()); | |
6618 | |
6619 TestDelegate d; | |
6620 TestURLRequestContext context(true); | |
6621 context.Init(); | |
6622 d.set_allow_certificate_errors(true); | |
6623 URLRequest r( | |
6624 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); | |
6625 r.Start(); | |
6626 | |
6627 base::RunLoop().Run(); | |
6628 | |
6629 EXPECT_EQ(1, d.response_started_count()); | |
6630 EXPECT_NE(0, d.bytes_received()); | |
6631 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_TLS1), | |
6632 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); | |
6633 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); | |
6634 } | |
6635 #endif // !OS_ANDROID | |
6636 | |
6595 // Tests that we don't fallback with servers that implement TLS_FALLBACK_SCSV. | 6637 // Tests that we don't fallback with servers that implement TLS_FALLBACK_SCSV. |
6596 #if defined(USE_OPENSSL) | 6638 #if defined(USE_OPENSSL) |
6597 TEST_F(HTTPSRequestTest, DISABLED_FallbackSCSV) { | 6639 TEST_F(HTTPSRequestTest, DISABLED_FallbackSCSV) { |
6598 #else | 6640 #else |
6599 TEST_F(HTTPSRequestTest, FallbackSCSV) { | 6641 TEST_F(HTTPSRequestTest, FallbackSCSV) { |
6600 #endif | 6642 #endif |
6601 SpawnedTestServer::SSLOptions ssl_options( | 6643 SpawnedTestServer::SSLOptions ssl_options( |
6602 SpawnedTestServer::SSLOptions::CERT_OK); | 6644 SpawnedTestServer::SSLOptions::CERT_OK); |
6603 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger | 6645 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger |
6604 // a version fallback. | 6646 // a version fallback. |
(...skipping 196 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
6801 EXPECT_EQ("https", req.url().scheme()); | 6843 EXPECT_EQ("https", req.url().scheme()); |
6802 EXPECT_EQ("POST", req.method()); | 6844 EXPECT_EQ("POST", req.method()); |
6803 EXPECT_EQ(kData, d.data_received()); | 6845 EXPECT_EQ(kData, d.data_received()); |
6804 | 6846 |
6805 LoadTimingInfo load_timing_info; | 6847 LoadTimingInfo load_timing_info; |
6806 network_delegate.GetLoadTimingInfoBeforeRedirect(&load_timing_info); | 6848 network_delegate.GetLoadTimingInfoBeforeRedirect(&load_timing_info); |
6807 // LoadTimingInfo of HSTS redirects is similar to that of network cache hits | 6849 // LoadTimingInfo of HSTS redirects is similar to that of network cache hits |
6808 TestLoadTimingCacheHitNoNetwork(load_timing_info); | 6850 TestLoadTimingCacheHitNoNetwork(load_timing_info); |
6809 } | 6851 } |
6810 | 6852 |
6853 // Tests that the SSLv3 fallback triggers on alert. | |
6811 TEST_F(HTTPSRequestTest, SSLv3Fallback) { | 6854 TEST_F(HTTPSRequestTest, SSLv3Fallback) { |
6812 SpawnedTestServer::SSLOptions ssl_options( | 6855 SpawnedTestServer::SSLOptions ssl_options( |
6813 SpawnedTestServer::SSLOptions::CERT_OK); | 6856 SpawnedTestServer::SSLOptions::CERT_OK); |
6814 ssl_options.tls_intolerant = | 6857 ssl_options.tls_intolerant = |
6815 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; | 6858 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; |
6859 ssl_options.tls_intolerance_type = | |
6860 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_ALERT; | |
6816 SpawnedTestServer test_server( | 6861 SpawnedTestServer test_server( |
6817 SpawnedTestServer::TYPE_HTTPS, | 6862 SpawnedTestServer::TYPE_HTTPS, |
6818 ssl_options, | 6863 ssl_options, |
6819 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | 6864 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
6820 ASSERT_TRUE(test_server.Start()); | 6865 ASSERT_TRUE(test_server.Start()); |
6821 | 6866 |
6822 TestDelegate d; | 6867 TestDelegate d; |
6823 TestURLRequestContext context(true); | 6868 TestURLRequestContext context(true); |
6824 context.Init(); | 6869 context.Init(); |
6825 d.set_allow_certificate_errors(true); | 6870 d.set_allow_certificate_errors(true); |
6826 URLRequest r( | 6871 URLRequest r( |
6827 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); | 6872 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); |
6828 r.Start(); | 6873 r.Start(); |
6829 | 6874 |
6830 base::RunLoop().Run(); | 6875 base::RunLoop().Run(); |
6831 | 6876 |
6832 EXPECT_EQ(1, d.response_started_count()); | 6877 EXPECT_EQ(1, d.response_started_count()); |
6833 EXPECT_NE(0, d.bytes_received()); | 6878 EXPECT_NE(0, d.bytes_received()); |
6834 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_SSL3), | 6879 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_SSL3), |
6835 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); | 6880 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); |
6836 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); | 6881 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); |
6837 } | 6882 } |
6838 | 6883 |
6884 // Tests that the SSLv3 fallback triggers on closed connections. | |
6885 TEST_F(HTTPSRequestTest, SSLv3FallbackClosed) { | |
6886 SpawnedTestServer::SSLOptions ssl_options( | |
6887 SpawnedTestServer::SSLOptions::CERT_OK); | |
6888 ssl_options.tls_intolerant = | |
6889 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; | |
6890 ssl_options.tls_intolerance_type = | |
6891 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE; | |
6892 SpawnedTestServer test_server( | |
6893 SpawnedTestServer::TYPE_HTTPS, | |
6894 ssl_options, | |
6895 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | |
6896 ASSERT_TRUE(test_server.Start()); | |
6897 | |
6898 TestDelegate d; | |
6899 TestURLRequestContext context(true); | |
6900 context.Init(); | |
6901 d.set_allow_certificate_errors(true); | |
6902 URLRequest r( | |
6903 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); | |
6904 r.Start(); | |
6905 | |
6906 base::RunLoop().Run(); | |
6907 | |
6908 EXPECT_EQ(1, d.response_started_count()); | |
6909 EXPECT_NE(0, d.bytes_received()); | |
6910 EXPECT_EQ(static_cast<int>(SSL_CONNECTION_VERSION_SSL3), | |
6911 SSLConnectionStatusToVersion(r.ssl_info().connection_status)); | |
6912 EXPECT_TRUE(r.ssl_info().connection_status & SSL_CONNECTION_VERSION_FALLBACK); | |
6913 } | |
6914 | |
6915 // This test is disabled on Android because the remote test server doesn't cause | |
6916 // a TCP reset. It also does not pass on OpenSSL. https://crbug.com/372849 | |
6917 #if !defined(OS_ANDROID) && !defined(USE_OPENSSL) | |
6918 // Tests that a reset connection does not fallback down to SSL3. | |
6919 TEST_F(HTTPSRequestTest, SSLv3NoFallbackReset) { | |
6920 SpawnedTestServer::SSLOptions ssl_options( | |
6921 SpawnedTestServer::SSLOptions::CERT_OK); | |
6922 ssl_options.tls_intolerant = | |
6923 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; | |
6924 ssl_options.tls_intolerance_type = | |
6925 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_RESET; | |
6926 SpawnedTestServer test_server( | |
6927 SpawnedTestServer::TYPE_HTTPS, | |
6928 ssl_options, | |
6929 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | |
6930 ASSERT_TRUE(test_server.Start()); | |
6931 | |
6932 TestDelegate d; | |
6933 TestURLRequestContext context(true); | |
6934 context.Init(); | |
6935 d.set_allow_certificate_errors(true); | |
6936 URLRequest r( | |
6937 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &d, &context); | |
6938 r.Start(); | |
6939 | |
6940 base::RunLoop().Run(); | |
6941 | |
6942 EXPECT_FALSE(r.status().is_success()); | |
6943 EXPECT_EQ(URLRequestStatus::FAILED, r.status().status()); | |
6944 EXPECT_EQ(ERR_CONNECTION_RESET, r.status().error()); | |
6945 } | |
6946 #endif // !OS_ANDROID && !USE_OPENSSL | |
6947 | |
6839 namespace { | 6948 namespace { |
6840 | 6949 |
6841 class SSLClientAuthTestDelegate : public TestDelegate { | 6950 class SSLClientAuthTestDelegate : public TestDelegate { |
6842 public: | 6951 public: |
6843 SSLClientAuthTestDelegate() : on_certificate_requested_count_(0) { | 6952 SSLClientAuthTestDelegate() : on_certificate_requested_count_(0) { |
6844 } | 6953 } |
6845 virtual void OnCertificateRequested( | 6954 virtual void OnCertificateRequested( |
6846 URLRequest* request, | 6955 URLRequest* request, |
6847 SSLCertRequestInfo* cert_request_info) OVERRIDE { | 6956 SSLCertRequestInfo* cert_request_info) OVERRIDE { |
6848 on_certificate_requested_count_++; | 6957 on_certificate_requested_count_++; |
(...skipping 1179 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
8028 | 8137 |
8029 EXPECT_FALSE(r.is_pending()); | 8138 EXPECT_FALSE(r.is_pending()); |
8030 EXPECT_EQ(1, d->response_started_count()); | 8139 EXPECT_EQ(1, d->response_started_count()); |
8031 EXPECT_FALSE(d->received_data_before_response()); | 8140 EXPECT_FALSE(d->received_data_before_response()); |
8032 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size)); | 8141 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size)); |
8033 } | 8142 } |
8034 } | 8143 } |
8035 #endif // !defined(DISABLE_FTP_SUPPORT) | 8144 #endif // !defined(DISABLE_FTP_SUPPORT) |
8036 | 8145 |
8037 } // namespace net | 8146 } // namespace net |
OLD | NEW |