| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "build/build_config.h" | 5 #include "build/build_config.h" |
| 6 | 6 |
| 7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
| 8 #include <windows.h> | 8 #include <windows.h> |
| 9 #include <shlobj.h> | 9 #include <shlobj.h> |
| 10 #endif | 10 #endif |
| (...skipping 7060 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 7071 | 7071 |
| 7072 class TestSSLConfigService : public SSLConfigService { | 7072 class TestSSLConfigService : public SSLConfigService { |
| 7073 public: | 7073 public: |
| 7074 TestSSLConfigService(bool ev_enabled, | 7074 TestSSLConfigService(bool ev_enabled, |
| 7075 bool online_rev_checking, | 7075 bool online_rev_checking, |
| 7076 bool rev_checking_required_local_anchors) | 7076 bool rev_checking_required_local_anchors) |
| 7077 : ev_enabled_(ev_enabled), | 7077 : ev_enabled_(ev_enabled), |
| 7078 online_rev_checking_(online_rev_checking), | 7078 online_rev_checking_(online_rev_checking), |
| 7079 rev_checking_required_local_anchors_( | 7079 rev_checking_required_local_anchors_( |
| 7080 rev_checking_required_local_anchors), | 7080 rev_checking_required_local_anchors), |
| 7081 fallback_min_version_(0) {} | 7081 min_version_(kDefaultSSLVersionMin), |
| 7082 fallback_min_version_(kDefaultSSLVersionFallbackMin) {} |
| 7083 |
| 7084 void set_min_version(uint16 version) { |
| 7085 min_version_ = version; |
| 7086 } |
| 7082 | 7087 |
| 7083 void set_fallback_min_version(uint16 version) { | 7088 void set_fallback_min_version(uint16 version) { |
| 7084 fallback_min_version_ = version; | 7089 fallback_min_version_ = version; |
| 7085 } | 7090 } |
| 7086 | 7091 |
| 7087 // SSLConfigService: | 7092 // SSLConfigService: |
| 7088 void GetSSLConfig(SSLConfig* config) override { | 7093 void GetSSLConfig(SSLConfig* config) override { |
| 7089 *config = SSLConfig(); | 7094 *config = SSLConfig(); |
| 7090 config->rev_checking_enabled = online_rev_checking_; | 7095 config->rev_checking_enabled = online_rev_checking_; |
| 7091 config->verify_ev_cert = ev_enabled_; | 7096 config->verify_ev_cert = ev_enabled_; |
| 7092 config->rev_checking_required_local_anchors = | 7097 config->rev_checking_required_local_anchors = |
| 7093 rev_checking_required_local_anchors_; | 7098 rev_checking_required_local_anchors_; |
| 7094 if (fallback_min_version_) { | 7099 if (fallback_min_version_) { |
| 7095 config->version_fallback_min = fallback_min_version_; | 7100 config->version_fallback_min = fallback_min_version_; |
| 7096 } | 7101 } |
| 7102 if (min_version_) { |
| 7103 config->version_min = min_version_; |
| 7104 } |
| 7097 } | 7105 } |
| 7098 | 7106 |
| 7099 protected: | 7107 protected: |
| 7100 ~TestSSLConfigService() override {} | 7108 ~TestSSLConfigService() override {} |
| 7101 | 7109 |
| 7102 private: | 7110 private: |
| 7103 const bool ev_enabled_; | 7111 const bool ev_enabled_; |
| 7104 const bool online_rev_checking_; | 7112 const bool online_rev_checking_; |
| 7105 const bool rev_checking_required_local_anchors_; | 7113 const bool rev_checking_required_local_anchors_; |
| 7114 uint16 min_version_; |
| 7106 uint16 fallback_min_version_; | 7115 uint16 fallback_min_version_; |
| 7107 }; | 7116 }; |
| 7108 | 7117 |
| 7109 class FallbackTestURLRequestContext : public TestURLRequestContext { | 7118 class FallbackTestURLRequestContext : public TestURLRequestContext { |
| 7110 public: | 7119 public: |
| 7111 explicit FallbackTestURLRequestContext(bool delay_initialization) | 7120 explicit FallbackTestURLRequestContext(bool delay_initialization) |
| 7112 : TestURLRequestContext(delay_initialization) {} | 7121 : TestURLRequestContext(delay_initialization) {} |
| 7113 | 7122 |
| 7114 void set_fallback_min_version(uint16 version) { | 7123 void set_fallback_min_version(uint16 version) { |
| 7115 TestSSLConfigService *ssl_config_service = | 7124 TestSSLConfigService *ssl_config_service = |
| 7116 new TestSSLConfigService(true /* check for EV */, | 7125 new TestSSLConfigService(true /* check for EV */, |
| 7117 false /* online revocation checking */, | 7126 false /* online revocation checking */, |
| 7118 false /* require rev. checking for local | 7127 false /* require rev. checking for local |
| 7119 anchors */); | 7128 anchors */); |
| 7129 ssl_config_service->set_min_version(SSL_PROTOCOL_VERSION_SSL3); |
| 7120 ssl_config_service->set_fallback_min_version(version); | 7130 ssl_config_service->set_fallback_min_version(version); |
| 7121 set_ssl_config_service(ssl_config_service); | 7131 set_ssl_config_service(ssl_config_service); |
| 7122 } | 7132 } |
| 7123 }; | 7133 }; |
| 7124 | 7134 |
| 7125 class HTTPSFallbackTest : public testing::Test { | 7135 class HTTPSFallbackTest : public testing::Test { |
| 7126 public: | 7136 public: |
| 7127 HTTPSFallbackTest() : context_(true) {} | 7137 HTTPSFallbackTest() : context_(true) {} |
| 7128 ~HTTPSFallbackTest() override {} | 7138 ~HTTPSFallbackTest() override {} |
| 7129 | 7139 |
| (...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 7245 } | 7255 } |
| 7246 | 7256 |
| 7247 // Tests that the SSLv3 fallback doesn't happen by default. | 7257 // Tests that the SSLv3 fallback doesn't happen by default. |
| 7248 TEST_F(HTTPSFallbackTest, SSLv3Fallback) { | 7258 TEST_F(HTTPSFallbackTest, SSLv3Fallback) { |
| 7249 SpawnedTestServer::SSLOptions ssl_options( | 7259 SpawnedTestServer::SSLOptions ssl_options( |
| 7250 SpawnedTestServer::SSLOptions::CERT_OK); | 7260 SpawnedTestServer::SSLOptions::CERT_OK); |
| 7251 ssl_options.tls_intolerant = | 7261 ssl_options.tls_intolerant = |
| 7252 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; | 7262 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; |
| 7253 | 7263 |
| 7254 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); | 7264 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
| 7255 ExpectFailure(ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION); | 7265 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); |
| 7256 } | 7266 } |
| 7257 | 7267 |
| 7258 // Tests that the SSLv3 fallback works when explicitly enabled. | 7268 // Tests that the SSLv3 fallback works when explicitly enabled. |
| 7259 TEST_F(HTTPSFallbackTest, SSLv3FallbackEnabled) { | 7269 TEST_F(HTTPSFallbackTest, SSLv3FallbackEnabled) { |
| 7260 SpawnedTestServer::SSLOptions ssl_options( | 7270 SpawnedTestServer::SSLOptions ssl_options( |
| 7261 SpawnedTestServer::SSLOptions::CERT_OK); | 7271 SpawnedTestServer::SSLOptions::CERT_OK); |
| 7262 ssl_options.tls_intolerant = | 7272 ssl_options.tls_intolerant = |
| 7263 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; | 7273 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL; |
| 7264 set_fallback_min_version(SSL_PROTOCOL_VERSION_SSL3); | 7274 set_fallback_min_version(SSL_PROTOCOL_VERSION_SSL3); |
| 7265 | 7275 |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 7300 | 7310 |
| 7301 SSLClientSocket::ClearSessionCache(); | 7311 SSLClientSocket::ClearSessionCache(); |
| 7302 | 7312 |
| 7303 // Make a connection that does a probe fallback to SSLv3 but fails because | 7313 // Make a connection that does a probe fallback to SSLv3 but fails because |
| 7304 // SSLv3 fallback is disabled. We don't wish a session for this connection to | 7314 // SSLv3 fallback is disabled. We don't wish a session for this connection to |
| 7305 // be inserted locally. | 7315 // be inserted locally. |
| 7306 { | 7316 { |
| 7307 TestDelegate delegate; | 7317 TestDelegate delegate; |
| 7308 FallbackTestURLRequestContext context(true); | 7318 FallbackTestURLRequestContext context(true); |
| 7309 | 7319 |
| 7320 context.set_fallback_min_version(SSL_PROTOCOL_VERSION_TLS1); |
| 7310 context.Init(); | 7321 context.Init(); |
| 7311 scoped_ptr<URLRequest> request(context.CreateRequest( | 7322 scoped_ptr<URLRequest> request(context.CreateRequest( |
| 7312 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &delegate, NULL)); | 7323 test_server.GetURL(std::string()), DEFAULT_PRIORITY, &delegate, NULL)); |
| 7313 request->Start(); | 7324 request->Start(); |
| 7314 | 7325 |
| 7315 base::RunLoop().Run(); | 7326 base::RunLoop().Run(); |
| 7316 | 7327 |
| 7317 EXPECT_EQ(1, delegate.response_started_count()); | 7328 EXPECT_EQ(1, delegate.response_started_count()); |
| 7318 EXPECT_FALSE(request->status().is_success()); | 7329 EXPECT_FALSE(request->status().is_success()); |
| 7319 EXPECT_EQ(URLRequestStatus::FAILED, request->status().status()); | 7330 EXPECT_EQ(URLRequestStatus::FAILED, request->status().status()); |
| (...skipping 956 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8276 | 8287 |
| 8277 EXPECT_FALSE(r->is_pending()); | 8288 EXPECT_FALSE(r->is_pending()); |
| 8278 EXPECT_EQ(1, d->response_started_count()); | 8289 EXPECT_EQ(1, d->response_started_count()); |
| 8279 EXPECT_FALSE(d->received_data_before_response()); | 8290 EXPECT_FALSE(d->received_data_before_response()); |
| 8280 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size)); | 8291 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size)); |
| 8281 } | 8292 } |
| 8282 } | 8293 } |
| 8283 #endif // !defined(DISABLE_FTP_SUPPORT) | 8294 #endif // !defined(DISABLE_FTP_SUPPORT) |
| 8284 | 8295 |
| 8285 } // namespace net | 8296 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 649413004:
net: disable SSLv3. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master