Index: net/url_request/url_request_unittest.cc |
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc |
index 11c8f571017c40318065fb5732dcc548aef8f52c..a77dac70d01d0bf64cdd307d78d1dd9806f88558 100644 |
--- a/net/url_request/url_request_unittest.cc |
+++ b/net/url_request/url_request_unittest.cc |
@@ -7068,17 +7068,70 @@ TEST_F(HTTPSRequestTest, DISABLED_DisableECDSAOnXP) { |
#endif // OS_WIN |
-class HTTPSFallbackTest : public testing::Test { |
+class TestSSLConfigService : public SSLConfigService { |
public: |
- HTTPSFallbackTest() : context_(true) { |
- context_.Init(); |
- delegate_.set_allow_certificate_errors(true); |
+ TestSSLConfigService(bool ev_enabled, |
+ bool online_rev_checking, |
+ bool rev_checking_required_local_anchors) |
+ : ev_enabled_(ev_enabled), |
+ online_rev_checking_(online_rev_checking), |
+ rev_checking_required_local_anchors_( |
+ rev_checking_required_local_anchors), |
+ fallback_min_version_(0) {} |
+ |
+ void set_fallback_min_version(uint16 version) { |
+ fallback_min_version_ = version; |
+ } |
+ |
+ // SSLConfigService: |
+ virtual void GetSSLConfig(SSLConfig* config) OVERRIDE { |
+ *config = SSLConfig(); |
+ config->rev_checking_enabled = online_rev_checking_; |
+ config->verify_ev_cert = ev_enabled_; |
+ config->rev_checking_required_local_anchors = |
+ rev_checking_required_local_anchors_; |
+ if (fallback_min_version_) { |
+ config->version_fallback_min = fallback_min_version_; |
+ } |
Ryan Sleevi
2014/10/01 21:25:05
nit: no braces
|
} |
+ |
+ protected: |
+ virtual ~TestSSLConfigService() {} |
+ |
+ private: |
+ const bool ev_enabled_; |
+ const bool online_rev_checking_; |
+ const bool rev_checking_required_local_anchors_; |
+ uint16 fallback_min_version_; |
+}; |
+ |
+class FallbackTestURLRequestContext : public TestURLRequestContext { |
+ public: |
+ explicit FallbackTestURLRequestContext(bool delay_initialization) |
+ : TestURLRequestContext(delay_initialization) {} |
+ |
+ void set_fallback_min_version(uint16 version) { |
+ TestSSLConfigService *ssl_config_service = |
+ new TestSSLConfigService(true /* check for EV */, |
+ false /* online revocation checking */, |
+ false /* require rev. checking for local |
+ anchors */); |
+ ssl_config_service->set_fallback_min_version(version); |
+ set_ssl_config_service(ssl_config_service); |
+ } |
+}; |
+ |
+class HTTPSFallbackTest : public testing::Test { |
+ public: |
+ HTTPSFallbackTest() : context_(true) {} |
virtual ~HTTPSFallbackTest() {} |
protected: |
void DoFallbackTest(const SpawnedTestServer::SSLOptions& ssl_options) { |
DCHECK(!request_); |
+ context_.Init(); |
+ delegate_.set_allow_certificate_errors(true); |
+ |
SpawnedTestServer test_server( |
SpawnedTestServer::TYPE_HTTPS, |
ssl_options, |
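Review bot: `FallbackTestURLRequestContext::set_fallback_min_version` carries an undocumented ordering requirement. It swaps the SSL config service on a context built with delayed initialization, and this hunk moves `context_.Init()` from the fixture constructor into `DoFallbackTest`, presumably so the override is installed before `Init()` runs. A test that calls the setter after `DoFallbackTest` would likely exercise the default configuration with nothing pointing at the cause, so I would add `// Must be called before DoFallbackTest(), which calls context_.Init().` above the setter here and above the fixture wrapper added in the next hunk. Separately, `fallback_min_version_(0)` acts as an "unset" sentinel in `GetSSLConfig`; a member comment such as `// 0 means keep the SSLConfig default.` would make that explicit. `DoFallbackTest` continues past the end of this hunk.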
@@ -7092,6 +7145,10 @@ class HTTPSFallbackTest : public testing::Test { |
base::RunLoop().Run(); |
} |
+ void set_fallback_min_version(uint16 version) { |
+ context_.set_fallback_min_version(version); |
+ } |
+ |
void ExpectConnection(int version) { |
EXPECT_EQ(1, delegate_.response_started_count()); |
EXPECT_NE(0, delegate_.bytes_received()); |
@@ -7110,7 +7167,7 @@ class HTTPSFallbackTest : public testing::Test { |
private: |
TestDelegate delegate_; |
- TestURLRequestContext context_; |
+ FallbackTestURLRequestContext context_; |
scoped_ptr<URLRequest> request_; |
}; |
@@ -7186,7 +7243,7 @@ TEST_F(HTTPSFallbackTest, FallbackSCSVClosed) { |
ExpectFailure(ERR_CONNECTION_CLOSED); |
} |
-// Tests that the SSLv3 fallback triggers on alert. |
+// Tests that the SSLv3 fallback doesn't happen by default. |
TEST_F(HTTPSFallbackTest, SSLv3Fallback) { |
SpawnedTestServer::SSLOptions ssl_options( |
SpawnedTestServer::SSLOptions::CERT_OK); |
@@ -7194,10 +7251,23 @@ TEST_F(HTTPSFallbackTest, SSLv3Fallback) { |
SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; |
ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
+ ExpectFailure(ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION); |
+} |
+ |
+// Tests that the SSLv3 fallback works when explicitly enabled. |
+TEST_F(HTTPSFallbackTest, SSLv3FallbackEnabled) { |
+ SpawnedTestServer::SSLOptions ssl_options( |
+ SpawnedTestServer::SSLOptions::CERT_OK); |
+ ssl_options.tls_intolerant = |
+ SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; |
+ set_fallback_min_version(SSL_PROTOCOL_VERSION_SSL3); |
+ |
+ ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
ExpectConnection(SSL_CONNECTION_VERSION_SSL3); |
} |
-// Tests that the SSLv3 fallback triggers on closed connections. |
+// Tests that the SSLv3 fallback triggers on closed connections when explicitly |
+// enabled. |
TEST_F(HTTPSFallbackTest, SSLv3FallbackClosed) { |
SpawnedTestServer::SSLOptions ssl_options( |
SpawnedTestServer::SSLOptions::CERT_OK); |
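Review bot: The test name `SSLv3Fallback` no longer matches what the test asserts. After this change it expects `ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION`, meaning the fallback is refused, while the new `SSLv3FallbackEnabled` covers the positive case. A name along the lines of `SSLv3FallbackDisabledByDefault` would keep a failing run readable without opening the file. `SSLv3FallbackClosed` starts in this hunk and its body continues outside it.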
@@ -7205,6 +7275,7 @@ TEST_F(HTTPSFallbackTest, SSLv3FallbackClosed) { |
SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; |
ssl_options.tls_intolerance_type = |
SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE; |
+ set_fallback_min_version(SSL_PROTOCOL_VERSION_SSL3); |
ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
ExpectConnection(SSL_CONNECTION_VERSION_SSL3); |
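Review bot: The refuse-by-default behaviour is covered only for the alert form of intolerance. `SSLv3FallbackClosed` now calls `set_fallback_min_version(SSL_PROTOCOL_VERSION_SSL3)`, so within the visible hunks nothing checks that a server using `TLS_INTOLERANCE_CLOSE` is also refused SSLv3 when the minimum is left at its default. A dropped connection is something an on-path party can cause, so this is the variant where a regression in the default would matter most for downgrade protection. A companion test that mirrors this one without the setter, presumably ending in `ExpectFailure(ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION);`, would pin it. The test body begins in the previous hunk and its closing brace lies outside this one.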
@@ -7321,34 +7392,6 @@ TEST_F(HTTPSSessionTest, DontResumeSessionsForInvalidCertificates) { |
} |
} |
-class TestSSLConfigService : public SSLConfigService { |
- public: |
- TestSSLConfigService(bool ev_enabled, |
- bool online_rev_checking, |
- bool rev_checking_required_local_anchors) |
- : ev_enabled_(ev_enabled), |
- online_rev_checking_(online_rev_checking), |
- rev_checking_required_local_anchors_( |
- rev_checking_required_local_anchors) {} |
- |
- // SSLConfigService: |
- virtual void GetSSLConfig(SSLConfig* config) OVERRIDE { |
- *config = SSLConfig(); |
- config->rev_checking_enabled = online_rev_checking_; |
- config->verify_ev_cert = ev_enabled_; |
- config->rev_checking_required_local_anchors = |
- rev_checking_required_local_anchors_; |
- } |
- |
- protected: |
- virtual ~TestSSLConfigService() {} |
- |
- private: |
- const bool ev_enabled_; |
- const bool online_rev_checking_; |
- const bool rev_checking_required_local_anchors_; |
-}; |
- |
// This the fingerprint of the "Testing CA" certificate used by the testserver. |
// See net/data/ssl/certificates/ocsp-test-root.pem. |
static const SHA1HashValue kOCSPTestCertFingerprint = |