Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(263)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/url_request/url_request_unittest.cc

Issue 418553003: Implement TLS_FALLBACK_SCSV for SSLClientSocketOpenSSL. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rebase Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/socket/ssl_client_socket_openssl.cc ('k') | third_party/tlslite/patches/fallback_scsv.patch » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "build/build_config.h" 5 #include "build/build_config.h"
6 6
7 #if defined(OS_WIN) 7 #if defined(OS_WIN)
8 #include <windows.h> 8 #include <windows.h>
9 #include <shlobj.h> 9 #include <shlobj.h>
10 #endif 10 #endif
(...skipping 7030 matching lines...) Expand 10 before | Expand all | Expand 10 after
7041 ssl_options.tls_intolerance_type = 7041 ssl_options.tls_intolerance_type =
7042 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_RESET; 7042 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_RESET;
7043 7043
7044 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); 7044 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options));
7045 ExpectConnection(SSL_CONNECTION_VERSION_TLS1); 7045 ExpectConnection(SSL_CONNECTION_VERSION_TLS1);
7046 } 7046 }
7047 #endif // !OS_ANDROID 7047 #endif // !OS_ANDROID
7048 7048
7049 // Tests that we don't fallback on handshake failure with servers that implement 7049 // Tests that we don't fallback on handshake failure with servers that implement
7050 // TLS_FALLBACK_SCSV. Also ensure that the original error code is reported. 7050 // TLS_FALLBACK_SCSV. Also ensure that the original error code is reported.
7051 #if defined(USE_OPENSSL)
7052 TEST_F(HTTPSFallbackTest, DISABLED_FallbackSCSV) {
7053 #else
7054 TEST_F(HTTPSFallbackTest, FallbackSCSV) { 7051 TEST_F(HTTPSFallbackTest, FallbackSCSV) {
7055 #endif
7056 SpawnedTestServer::SSLOptions ssl_options( 7052 SpawnedTestServer::SSLOptions ssl_options(
7057 SpawnedTestServer::SSLOptions::CERT_OK); 7053 SpawnedTestServer::SSLOptions::CERT_OK);
7058 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger 7054 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger
7059 // a version fallback. 7055 // a version fallback.
7060 ssl_options.tls_intolerant = 7056 ssl_options.tls_intolerant =
7061 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; 7057 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL;
7062 // Have the server process TLS_FALLBACK_SCSV so that version fallback 7058 // Have the server process TLS_FALLBACK_SCSV so that version fallback
7063 // connections are rejected. 7059 // connections are rejected.
7064 ssl_options.fallback_scsv_enabled = true; 7060 ssl_options.fallback_scsv_enabled = true;
7065 7061
7066 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); 7062 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options));
7067 7063
7068 // ERR_SSL_VERSION_OR_CIPHER_MISMATCH is how the server simulates version 7064 // ERR_SSL_VERSION_OR_CIPHER_MISMATCH is how the server simulates version
7069 // intolerance. If the fallback SCSV is processed when the original error 7065 // intolerance. If the fallback SCSV is processed when the original error
7070 // that caused the fallback should be returned, which should be 7066 // that caused the fallback should be returned, which should be
7071 // ERR_SSL_VERSION_OR_CIPHER_MISMATCH. 7067 // ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
7072 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); 7068 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH);
7073 } 7069 }
7074 7070
7075 // Tests that we don't fallback on connection closed with servers that implement 7071 // Tests that we don't fallback on connection closed with servers that implement
7076 // TLS_FALLBACK_SCSV. Also ensure that the original error code is reported. 7072 // TLS_FALLBACK_SCSV. Also ensure that the original error code is reported.
7077 #if defined(USE_OPENSSL)
7078 TEST_F(HTTPSFallbackTest, DISABLED_FallbackSCSVClosed) {
7079 #else
7080 TEST_F(HTTPSFallbackTest, FallbackSCSVClosed) { 7073 TEST_F(HTTPSFallbackTest, FallbackSCSVClosed) {
7081 #endif
7082 SpawnedTestServer::SSLOptions ssl_options( 7074 SpawnedTestServer::SSLOptions ssl_options(
7083 SpawnedTestServer::SSLOptions::CERT_OK); 7075 SpawnedTestServer::SSLOptions::CERT_OK);
7084 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger 7076 // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger
7085 // a version fallback. 7077 // a version fallback.
7086 ssl_options.tls_intolerant = 7078 ssl_options.tls_intolerant =
7087 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; 7079 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL;
7088 ssl_options.tls_intolerance_type = 7080 ssl_options.tls_intolerance_type =
7089 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE; 7081 SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE;
7090 // Have the server process TLS_FALLBACK_SCSV so that version fallback 7082 // Have the server process TLS_FALLBACK_SCSV so that version fallback
7091 // connections are rejected. 7083 // connections are rejected.
(...skipping 1015 matching lines...) Expand 10 before | Expand all | Expand 10 after
8107 8099
8108 EXPECT_FALSE(r.is_pending()); 8100 EXPECT_FALSE(r.is_pending());
8109 EXPECT_EQ(1, d->response_started_count()); 8101 EXPECT_EQ(1, d->response_started_count());
8110 EXPECT_FALSE(d->received_data_before_response()); 8102 EXPECT_FALSE(d->received_data_before_response());
8111 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size)); 8103 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size));
8112 } 8104 }
8113 } 8105 }
8114 #endif // !defined(DISABLE_FTP_SUPPORT) 8106 #endif // !defined(DISABLE_FTP_SUPPORT)
8115 8107
8116 } // namespace net 8108 } // namespace net
OLDNEW
« no previous file with comments | « net/socket/ssl_client_socket_openssl.cc ('k') | third_party/tlslite/patches/fallback_scsv.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698