Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(209)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/url_request/url_request_unittest.cc

Issue 495663002: OpenSSL: Disable ECDSA cipher suites on Windows XP. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Bounce through testserver.py instead. Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/tools/testserver/testserver.py ('k') | third_party/tlslite/README.chromium » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/url_request/url_request_unittest.cc
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index 7e22546891da70a95f2daeb57614a7c41bdf7289..626fa010b6380cbc15a89cdfa8eae67515d5b6d5 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -61,6 +61,7 @@
#include "net/ocsp/nss_ocsp.h"
#include "net/proxy/proxy_service.h"
#include "net/socket/ssl_client_socket.h"
+#include "net/ssl/ssl_cipher_suite_names.h"
#include "net/ssl/ssl_connection_status_flags.h"
#include "net/test/cert_test_util.h"
#include "net/test/spawned_test_server/spawned_test_server.h"
@@ -6931,6 +6932,57 @@ TEST_F(HTTPSRequestTest, SSLSessionCacheShardTest) {
}
}
+#if defined(OS_WIN)
+
+namespace {
+
+bool IsECDSACipherSuite(uint16_t cipher_suite) {
+ const char* key_exchange;
+ const char* cipher;
+ const char* mac;
+ bool is_aead;
+ SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, cipher_suite);
+ return std::string(key_exchange).find("ECDSA") != std::string::npos;
+}
+
+} // namespace
+
+// Test that ECDSA is disabled on Windows XP, where ECDSA certificates cannot be
+// verified.
+TEST_F(HTTPSRequestTest, DisableECDSAOnXP) {
+ if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
+ LOG(INFO) << "Skipping test on this version.";
+ return;
+ }
+
+ SpawnedTestServer test_server(
+ SpawnedTestServer::TYPE_HTTPS,
+ SpawnedTestServer::kLocalhost,
+ base::FilePath(FILE_PATH_LITERAL("net/data/ssl")));
+ ASSERT_TRUE(test_server.Start());
+
+ TestDelegate d;
+ scoped_ptr<URLRequest> r(default_context_.CreateRequest(
+ test_server.GetURL("client-cipher-list"), DEFAULT_PRIORITY, &d, NULL));
+ r->Start();
+ EXPECT_TRUE(r->is_pending());
+
+ base::RunLoop().Run();
+
+ EXPECT_EQ(1, d.response_started_count());
+ std::vector<std::string> lines;
+ base::SplitString(d.data_received(), '\n', &lines);
+
+ for (size_t i = 0; i < lines.size(); i++) {
+ int cipher_suite;
+ ASSERT_TRUE(base::StringToInt(lines[i], &cipher_suite));
+ EXPECT_FALSE(IsECDSACipherSuite(cipher_suite))
+ << "ClientHello advertised " << std::hex << cipher_suite;
Ryan Sleevi 2014/09/03 19:08:58 Don't modify the stream like this if you don't res
davidben 2014/09/03 19:15:32 Done.
+ }
+}
+
+#endif // OS_WIN
+
class HTTPSFallbackTest : public testing::Test {
public:
HTTPSFallbackTest() : context_(true) {
« no previous file with comments | « net/tools/testserver/testserver.py ('k') | third_party/tlslite/README.chromium » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698