| Index: net/url_request/url_request_unittest.cc
|
| diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
|
| index 11c8f571017c40318065fb5732dcc548aef8f52c..ec373df49a05bf8e869987b6ba7ae9c8be0bb473 100644
|
| --- a/net/url_request/url_request_unittest.cc
|
| +++ b/net/url_request/url_request_unittest.cc
|
| @@ -7068,17 +7068,70 @@ TEST_F(HTTPSRequestTest, DISABLED_DisableECDSAOnXP) {
|
|
|
| #endif // OS_WIN
|
|
|
| -class HTTPSFallbackTest : public testing::Test {
|
| +class TestSSLConfigService : public SSLConfigService {
|
| public:
|
| - HTTPSFallbackTest() : context_(true) {
|
| - context_.Init();
|
| - delegate_.set_allow_certificate_errors(true);
|
| + TestSSLConfigService(bool ev_enabled,
|
| + bool online_rev_checking,
|
| + bool rev_checking_required_local_anchors)
|
| + : ev_enabled_(ev_enabled),
|
| + online_rev_checking_(online_rev_checking),
|
| + rev_checking_required_local_anchors_(
|
| + rev_checking_required_local_anchors),
|
| + fallback_min_version_(0) {}
|
| +
|
| + void set_fallback_min_version(uint16 version) {
|
| + fallback_min_version_ = version;
|
| + }
|
| +
|
| + // SSLConfigService:
|
| + virtual void GetSSLConfig(SSLConfig* config) OVERRIDE {
|
| + *config = SSLConfig();
|
| + config->rev_checking_enabled = online_rev_checking_;
|
| + config->verify_ev_cert = ev_enabled_;
|
| + config->rev_checking_required_local_anchors =
|
| + rev_checking_required_local_anchors_;
|
| + if (fallback_min_version_) {
|
| + config->version_fallback_min = fallback_min_version_;
|
| + }
|
| }
|
| +
|
| + protected:
|
| + virtual ~TestSSLConfigService() {}
|
| +
|
| + private:
|
| + const bool ev_enabled_;
|
| + const bool online_rev_checking_;
|
| + const bool rev_checking_required_local_anchors_;
|
| + uint16 fallback_min_version_;
|
| +};
|
| +
|
| +class FallbackTestURLRequestContext : public TestURLRequestContext {
|
| + public:
|
| + explicit FallbackTestURLRequestContext(bool delay_initialization)
|
| + : TestURLRequestContext(delay_initialization) {}
|
| +
|
| + void set_fallback_min_version(uint16 version) {
|
| + TestSSLConfigService *ssl_config_service =
|
| + new TestSSLConfigService(true /* check for EV */,
|
| + false /* online revocation checking */,
|
| + false /* require rev. checking for local
|
| + anchors */);
|
| + ssl_config_service->set_fallback_min_version(version);
|
| + set_ssl_config_service(ssl_config_service);
|
| + }
|
| +};
|
| +
|
| +class HTTPSFallbackTest : public testing::Test {
|
| + public:
|
| + HTTPSFallbackTest() : context_(true) {}
|
| virtual ~HTTPSFallbackTest() {}
|
|
|
| protected:
|
| void DoFallbackTest(const SpawnedTestServer::SSLOptions& ssl_options) {
|
| DCHECK(!request_);
|
| + context_.Init();
|
| + delegate_.set_allow_certificate_errors(true);
|
| +
|
| SpawnedTestServer test_server(
|
| SpawnedTestServer::TYPE_HTTPS,
|
| ssl_options,
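Review bot: `FallbackTestURLRequestContext::set_fallback_min_version` replaces the whole SSL config service with one built from the hard-coded flags `true, false, false`, so a test that enables the fallback may differ from the default-path tests in EV and revocation settings as well as in `version_fallback_min`. Whether those flags match what `TestURLRequestContext` installs by default is not visible in this hunk; if they do, a comment such as `// Mirrors the default test SSL config; only version_fallback_min differs.` would make that explicit. The `0` sentinel in `fallback_min_version_(0)` also deserves a comment, for example `// 0 leaves SSLConfig's default version_fallback_min untouched.`, because `GetSSLConfig` silently skips the override for that value. A small style point is `TestSSLConfigService *ssl_config_service`, where the rest of the file binds `*` to the type. `DoFallbackTest` continues past the end of this hunk.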
|
| @@ -7092,6 +7145,10 @@ class HTTPSFallbackTest : public testing::Test {
|
| base::RunLoop().Run();
|
| }
|
|
|
| + void set_fallback_min_version(uint16 version) {
|
| + context_.set_fallback_min_version(version);
|
| + }
|
| +
|
| void ExpectConnection(int version) {
|
| EXPECT_EQ(1, delegate_.response_started_count());
|
| EXPECT_NE(0, delegate_.bytes_received());
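Review bot: The new fixture helper `set_fallback_min_version` carries an undocumented ordering requirement: it presumably only takes effect when called before `DoFallbackTest`, because the first hunk moved `context_.Init()` into that method and the context is constructed with delayed initialization. A test that calls it afterwards would run with the default minimum and could pass or fail for the wrong reason. I would add `// Must be called before DoFallbackTest(), which initializes |context_|.` above the helper. `ExpectConnection` continues outside this hunk.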
|
| @@ -7110,7 +7167,7 @@ class HTTPSFallbackTest : public testing::Test {
|
|
|
| private:
|
| TestDelegate delegate_;
|
| - TestURLRequestContext context_;
|
| + FallbackTestURLRequestContext context_;
|
| scoped_ptr<URLRequest> request_;
|
| };
|
|
|
| @@ -7186,7 +7243,7 @@ TEST_F(HTTPSFallbackTest, FallbackSCSVClosed) {
|
| ExpectFailure(ERR_CONNECTION_CLOSED);
|
| }
|
|
|
| -// Tests that the SSLv3 fallback triggers on alert.
|
| +// Tests that the SSLv3 fallback doesn't happen by default.
|
| TEST_F(HTTPSFallbackTest, SSLv3Fallback) {
|
| SpawnedTestServer::SSLOptions ssl_options(
|
| SpawnedTestServer::SSLOptions::CERT_OK);
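Review bot: The test name `SSLv3Fallback` no longer matches what the test asserts, since the updated comment says it checks that the fallback does not happen by default. Someone scanning test results would read a passing `SSLv3Fallback` as "fallback works", which is the opposite of the protected behaviour. A name that states the expectation, for example `TEST_F(HTTPSFallbackTest, SSLv3FallbackDisabledByDefault)`, would pair better with the new `SSLv3FallbackEnabled`. The test body continues into the next hunk.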
|
| @@ -7194,10 +7251,23 @@ TEST_F(HTTPSFallbackTest, SSLv3Fallback) {
|
| SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL;
|
|
|
| ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options));
|
| + ExpectFailure(ERR_SSL_NEEDS_MORE_FALLBACK);
|
| +}
|
| +
|
| +// Tests that the SSLv3 fallback works when explicitly enabled.
|
| +TEST_F(HTTPSFallbackTest, SSLv3FallbackEnabled) {
|
| + SpawnedTestServer::SSLOptions ssl_options(
|
| + SpawnedTestServer::SSLOptions::CERT_OK);
|
| + ssl_options.tls_intolerant =
|
| + SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL;
|
| + set_fallback_min_version(SSL_PROTOCOL_VERSION_SSL3);
|
| +
|
| + ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options));
|
| ExpectConnection(SSL_CONNECTION_VERSION_SSL3);
|
| }
|
|
|
| -// Tests that the SSLv3 fallback triggers on closed connections.
|
| +// Tests that the SSLv3 fallback triggers on closed connections when explicitly
|
| +// enabled.
|
| TEST_F(HTTPSFallbackTest, SSLv3FallbackClosed) {
|
| SpawnedTestServer::SSLOptions ssl_options(
|
| SpawnedTestServer::SSLOptions::CERT_OK);
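Review bot: The default-off behaviour is only tested for the alert path, where `SSLv3Fallback` now expects `ERR_SSL_NEEDS_MORE_FALLBACK`. The closed-connection path is covered only with the fallback explicitly enabled, in `SSLv3FallbackClosed` (this hunk and the next one). Because the point of the change is that a network attacker or a broken server cannot push the client down to SSLv3 by default, the `TLS_INTOLERANCE_CLOSE` case should get a default-configuration test too. The sketch below shows the shape; the exact error the close path produces cannot be determined from this diff and should be confirmed before the expectation is pinned. The body of `SSLv3FallbackClosed` continues outside this hunk.

```cpp
// Tests that the SSLv3 fallback doesn't happen by default when the server
// closes the connection instead of sending an alert.
TEST_F(HTTPSFallbackTest, SSLv3FallbackClosedDisabledByDefault) {
  SpawnedTestServer::SSLOptions ssl_options(
      SpawnedTestServer::SSLOptions::CERT_OK);
  ssl_options.tls_intolerant =
      SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL;
  ssl_options.tls_intolerance_type =
      SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE;

  ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options));
  // Expected error to be confirmed for the close path.
  ExpectFailure(ERR_SSL_NEEDS_MORE_FALLBACK);
}
```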
|
| @@ -7205,6 +7275,7 @@ TEST_F(HTTPSFallbackTest, SSLv3FallbackClosed) {
|
| SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL;
|
| ssl_options.tls_intolerance_type =
|
| SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE;
|
| + set_fallback_min_version(SSL_PROTOCOL_VERSION_SSL3);
|
|
|
| ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options));
|
| ExpectConnection(SSL_CONNECTION_VERSION_SSL3);
|
| @@ -7321,34 +7392,6 @@ TEST_F(HTTPSSessionTest, DontResumeSessionsForInvalidCertificates) {
|
| }
|
| }
|
|
|
| -class TestSSLConfigService : public SSLConfigService {
|
| - public:
|
| - TestSSLConfigService(bool ev_enabled,
|
| - bool online_rev_checking,
|
| - bool rev_checking_required_local_anchors)
|
| - : ev_enabled_(ev_enabled),
|
| - online_rev_checking_(online_rev_checking),
|
| - rev_checking_required_local_anchors_(
|
| - rev_checking_required_local_anchors) {}
|
| -
|
| - // SSLConfigService:
|
| - virtual void GetSSLConfig(SSLConfig* config) OVERRIDE {
|
| - *config = SSLConfig();
|
| - config->rev_checking_enabled = online_rev_checking_;
|
| - config->verify_ev_cert = ev_enabled_;
|
| - config->rev_checking_required_local_anchors =
|
| - rev_checking_required_local_anchors_;
|
| - }
|
| -
|
| - protected:
|
| - virtual ~TestSSLConfigService() {}
|
| -
|
| - private:
|
| - const bool ev_enabled_;
|
| - const bool online_rev_checking_;
|
| - const bool rev_checking_required_local_anchors_;
|
| -};
|
| -
|
| // This the fingerprint of the "Testing CA" certificate used by the testserver.
|
| // See net/data/ssl/certificates/ocsp-test-root.pem.
|
| static const SHA1HashValue kOCSPTestCertFingerprint =
|
|
|