OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "build/build_config.h" | 5 #include "build/build_config.h" |
6 | 6 |
7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
8 #include <windows.h> | 8 #include <windows.h> |
9 #include <shlobj.h> | 9 #include <shlobj.h> |
10 #endif | 10 #endif |
(...skipping 7030 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
7041 ssl_options.tls_intolerance_type = | 7041 ssl_options.tls_intolerance_type = |
7042 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_RESET; | 7042 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_RESET; |
7043 | 7043 |
7044 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); | 7044 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
7045 ExpectConnection(SSL_CONNECTION_VERSION_TLS1); | 7045 ExpectConnection(SSL_CONNECTION_VERSION_TLS1); |
7046 } | 7046 } |
7047 #endif // !OS_ANDROID | 7047 #endif // !OS_ANDROID |
7048 | 7048 |
7049 // Tests that we don't fallback on handshake failure with servers that implement | 7049 // Tests that we don't fallback on handshake failure with servers that implement |
7050 // TLS_FALLBACK_SCSV. Also ensure that the original error code is reported. | 7050 // TLS_FALLBACK_SCSV. Also ensure that the original error code is reported. |
7051 #if defined(USE_OPENSSL) | |
7052 TEST_F(HTTPSFallbackTest, DISABLED_FallbackSCSV) { | |
7053 #else | |
7054 TEST_F(HTTPSFallbackTest, FallbackSCSV) { | 7051 TEST_F(HTTPSFallbackTest, FallbackSCSV) { |
7055 #endif | |
7056 SpawnedTestServer::SSLOptions ssl_options( | 7052 SpawnedTestServer::SSLOptions ssl_options( |
7057 SpawnedTestServer::SSLOptions::CERT_OK); | 7053 SpawnedTestServer::SSLOptions::CERT_OK); |
7058 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger | 7054 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger |
7059 // a version fallback. | 7055 // a version fallback. |
7060 ssl_options.tls_intolerant = | 7056 ssl_options.tls_intolerant = |
7061 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; | 7057 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; |
7062 // Have the server process TLS_FALLBACK_SCSV so that version fallback | 7058 // Have the server process TLS_FALLBACK_SCSV so that version fallback |
7063 // connections are rejected. | 7059 // connections are rejected. |
7064 ssl_options.fallback_scsv_enabled = true; | 7060 ssl_options.fallback_scsv_enabled = true; |
7065 | 7061 |
7066 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); | 7062 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
7067 | 7063 |
7068 // ERR_SSL_VERSION_OR_CIPHER_MISMATCH is how the server simulates version | 7064 // ERR_SSL_VERSION_OR_CIPHER_MISMATCH is how the server simulates version |
7069 // intolerance. If the fallback SCSV is processed when the original error | 7065 // intolerance. If the fallback SCSV is processed when the original error |
7070 // that caused the fallback should be returned, which should be | 7066 // that caused the fallback should be returned, which should be |
7071 // ERR_SSL_VERSION_OR_CIPHER_MISMATCH. | 7067 // ERR_SSL_VERSION_OR_CIPHER_MISMATCH. |
7072 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); | 7068 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); |
7073 } | 7069 } |
7074 | 7070 |
7075 // Tests that we don't fallback on connection closed with servers that implement | 7071 // Tests that we don't fallback on connection closed with servers that implement |
7076 // TLS_FALLBACK_SCSV. Also ensure that the original error code is reported. | 7072 // TLS_FALLBACK_SCSV. Also ensure that the original error code is reported. |
7077 #if defined(USE_OPENSSL) | |
7078 TEST_F(HTTPSFallbackTest, DISABLED_FallbackSCSVClosed) { | |
7079 #else | |
7080 TEST_F(HTTPSFallbackTest, FallbackSCSVClosed) { | 7073 TEST_F(HTTPSFallbackTest, FallbackSCSVClosed) { |
7081 #endif | |
7082 SpawnedTestServer::SSLOptions ssl_options( | 7074 SpawnedTestServer::SSLOptions ssl_options( |
7083 SpawnedTestServer::SSLOptions::CERT_OK); | 7075 SpawnedTestServer::SSLOptions::CERT_OK); |
7084 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger | 7076 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger |
7085 // a version fallback. | 7077 // a version fallback. |
7086 ssl_options.tls_intolerant = | 7078 ssl_options.tls_intolerant = |
7087 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; | 7079 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; |
7088 ssl_options.tls_intolerance_type = | 7080 ssl_options.tls_intolerance_type = |
7089 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE; | 7081 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE; |
7090 // Have the server process TLS_FALLBACK_SCSV so that version fallback | 7082 // Have the server process TLS_FALLBACK_SCSV so that version fallback |
7091 // connections are rejected. | 7083 // connections are rejected. |
(...skipping 1015 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
8107 | 8099 |
8108 EXPECT_FALSE(r.is_pending()); | 8100 EXPECT_FALSE(r.is_pending()); |
8109 EXPECT_EQ(1, d->response_started_count()); | 8101 EXPECT_EQ(1, d->response_started_count()); |
8110 EXPECT_FALSE(d->received_data_before_response()); | 8102 EXPECT_FALSE(d->received_data_before_response()); |
8111 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size)); | 8103 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size)); |
8112 } | 8104 } |
8113 } | 8105 } |
8114 #endif // !defined(DISABLE_FTP_SUPPORT) | 8106 #endif // !defined(DISABLE_FTP_SUPPORT) |
8115 | 8107 |
8116 } // namespace net | 8108 } // namespace net |
OLD | NEW |