| Index: net/socket/ssl_client_socket_unittest.cc
|
| diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc
|
| index 16e03f7eb8ba554787ea52761a49f5467591d9a9..e33ffba4cca2c2166cc9c374b1ffc7105dcc4cb0 100644
|
| --- a/net/socket/ssl_client_socket_unittest.cc
|
| +++ b/net/socket/ssl_client_socket_unittest.cc
|
| @@ -808,145 +808,6 @@ class SSLClientSocketCertRequestInfoTest : public SSLClientSocketTest {
|
| }
|
| };
|
|
|
| -class SSLClientSocketFalseStartTest : public SSLClientSocketTest {
|
| - public:
|
| - SSLClientSocketFalseStartTest()
|
| - : monitor_handshake_callback_(false),
|
| - fail_handshake_after_false_start_(false) {}
|
| -
|
| - protected:
|
| - // Creates an SSLClientSocket with |client_config| attached to a
|
| - // FakeBlockingStreamSocket, returning both in |*out_raw_transport| and
|
| - // |*out_sock|. The FakeBlockingStreamSocket is owned by the SSLClientSocket,
|
| - // so |*out_raw_transport| is a raw pointer.
|
| - //
|
| - // The client socket will begin a connect using |callback| but stop before the
|
| - // server's finished message is received. The finished message will be blocked
|
| - // in |*out_raw_transport|. To complete the handshake and successfully read
|
| - // data, the caller must unblock reads on |*out_raw_transport|. (Note that, if
|
| - // the client successfully false started, |callback.WaitForResult()| will
|
| - // return OK without unblocking transport reads. But Read() will still block.)
|
| - //
|
| - // Must be called after StartTestServer is called.
|
| - void CreateAndConnectUntilServerFinishedReceived(
|
| - const SSLConfig& client_config,
|
| - TestCompletionCallback* callback,
|
| - FakeBlockingStreamSocket** out_raw_transport,
|
| - scoped_ptr<SSLClientSocket>* out_sock) {
|
| - CHECK(test_server());
|
| -
|
| - scoped_ptr<StreamSocket> real_transport(scoped_ptr<StreamSocket>(
|
| - new TCPClientSocket(addr(), NULL, NetLog::Source())));
|
| - real_transport.reset(
|
| - new SynchronousErrorStreamSocket(real_transport.Pass()));
|
| -
|
| - scoped_ptr<FakeBlockingStreamSocket> transport(
|
| - new FakeBlockingStreamSocket(real_transport.Pass()));
|
| - int rv = callback->GetResult(transport->Connect(callback->callback()));
|
| - EXPECT_EQ(OK, rv);
|
| -
|
| - FakeBlockingStreamSocket* raw_transport = transport.get();
|
| - scoped_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
|
| - transport.Pass(), test_server()->host_port_pair(), client_config);
|
| -
|
| - if (monitor_handshake_callback_) {
|
| - sock->SetHandshakeCompletionCallback(
|
| - base::Bind(&SSLClientSocketTest::RecordCompletedHandshake,
|
| - base::Unretained(this)));
|
| - }
|
| -
|
| - // Connect. Stop before the client processes the first server leg
|
| - // (ServerHello, etc.)
|
| - raw_transport->BlockReadResult();
|
| - rv = sock->Connect(callback->callback());
|
| - EXPECT_EQ(ERR_IO_PENDING, rv);
|
| - raw_transport->WaitForReadResult();
|
| -
|
| - // Release the ServerHello and wait for the client to write
|
| - // ClientKeyExchange, etc. (A proxy for waiting for the entirety of the
|
| - // server's leg to complete, since it may span multiple reads.)
|
| - EXPECT_FALSE(callback->have_result());
|
| - raw_transport->BlockWrite();
|
| - raw_transport->UnblockReadResult();
|
| - raw_transport->WaitForWrite();
|
| -
|
| - if (fail_handshake_after_false_start_) {
|
| - SynchronousErrorStreamSocket* error_socket =
|
| - static_cast<SynchronousErrorStreamSocket*>(
|
| - raw_transport->transport());
|
| - error_socket->SetNextReadError(ERR_CONNECTION_RESET);
|
| - }
|
| - // And, finally, release that and block the next server leg
|
| - // (ChangeCipherSpec, Finished).
|
| - raw_transport->BlockReadResult();
|
| - raw_transport->UnblockWrite();
|
| -
|
| - *out_raw_transport = raw_transport;
|
| - *out_sock = sock.Pass();
|
| - }
|
| -
|
| - void TestFalseStart(const SpawnedTestServer::SSLOptions& server_options,
|
| - const SSLConfig& client_config,
|
| - bool expect_false_start) {
|
| - ASSERT_TRUE(StartTestServer(server_options));
|
| -
|
| - TestCompletionCallback callback;
|
| - FakeBlockingStreamSocket* raw_transport = NULL;
|
| - scoped_ptr<SSLClientSocket> sock;
|
| -
|
| - ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
|
| - client_config, &callback, &raw_transport, &sock));
|
| -
|
| - if (expect_false_start) {
|
| - // When False Starting, the handshake should complete before receiving the
|
| - // Change Cipher Spec and Finished messages.
|
| - //
|
| - // Note: callback.have_result() may not be true without waiting. The NSS
|
| - // state machine sometimes lives on a separate thread, so this thread may
|
| - // not yet have processed the signal that the handshake has completed.
|
| - int rv = callback.WaitForResult();
|
| - EXPECT_EQ(OK, rv);
|
| - EXPECT_TRUE(sock->IsConnected());
|
| -
|
| - const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
|
| - static const int kRequestTextSize =
|
| - static_cast<int>(arraysize(request_text) - 1);
|
| - scoped_refptr<IOBuffer> request_buffer(new IOBuffer(kRequestTextSize));
|
| - memcpy(request_buffer->data(), request_text, kRequestTextSize);
|
| -
|
| - // Write the request.
|
| - rv = callback.GetResult(sock->Write(request_buffer.get(),
|
| - kRequestTextSize,
|
| - callback.callback()));
|
| - EXPECT_EQ(kRequestTextSize, rv);
|
| -
|
| - // The read will hang; it's waiting for the peer to complete the
|
| - // handshake, and the handshake is still blocked.
|
| - scoped_refptr<IOBuffer> buf(new IOBuffer(4096));
|
| - rv = sock->Read(buf.get(), 4096, callback.callback());
|
| -
|
| - // After releasing reads, the connection proceeds.
|
| - raw_transport->UnblockReadResult();
|
| - rv = callback.GetResult(rv);
|
| - if (fail_handshake_after_false_start_)
|
| - EXPECT_EQ(ERR_CONNECTION_RESET, rv);
|
| - else
|
| - EXPECT_LT(0, rv);
|
| - } else {
|
| - // False Start is not enabled, so the handshake will not complete because
|
| - // the server second leg is blocked.
|
| - base::RunLoop().RunUntilIdle();
|
| - EXPECT_FALSE(callback.have_result());
|
| - }
|
| - }
|
| -
|
| - // Indicates that the socket's handshake completion callback should
|
| - // be monitored.
|
| - bool monitor_handshake_callback_;
|
| - // Indicates that this test's handshake should fail after the client
|
| - // "finished" message is sent.
|
| - bool fail_handshake_after_false_start_;
|
| -};
|
|
|
| class SSLClientSocketChannelIDTest : public SSLClientSocketTest {
|
| protected:
|
| @@ -2881,142 +2742,7 @@ TEST_F(SSLClientSocketTest, HandshakeCallbackIsRun_WithDisabledSessionCache) {
|
| EXPECT_TRUE(ran_handshake_completion_callback_);
|
| }
|
|
|
| -TEST_F(SSLClientSocketFalseStartTest,
|
| - HandshakeCallbackIsRun_WithFalseStartFailure) {
|
| - // False Start requires NPN and a forward-secret cipher suite.
|
| - SpawnedTestServer::SSLOptions server_options;
|
| - server_options.key_exchanges =
|
| - SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
|
| - server_options.enable_npn = true;
|
| - SSLConfig client_config;
|
| - client_config.next_protos.push_back("http/1.1");
|
| - monitor_handshake_callback_ = true;
|
| - fail_handshake_after_false_start_ = true;
|
| - ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, true));
|
| - ASSERT_TRUE(ran_handshake_completion_callback_);
|
| -}
|
| -
|
| -TEST_F(SSLClientSocketFalseStartTest,
|
| - HandshakeCallbackIsRun_WithFalseStartSuccess) {
|
| - // False Start requires NPN and a forward-secret cipher suite.
|
| - SpawnedTestServer::SSLOptions server_options;
|
| - server_options.key_exchanges =
|
| - SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
|
| - server_options.enable_npn = true;
|
| - SSLConfig client_config;
|
| - client_config.next_protos.push_back("http/1.1");
|
| - monitor_handshake_callback_ = true;
|
| - ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, true));
|
| - ASSERT_TRUE(ran_handshake_completion_callback_);
|
| -}
|
| -#endif // defined(USE_OPENSSL)
|
| -
|
| -TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) {
|
| - // False Start requires NPN and a forward-secret cipher suite.
|
| - SpawnedTestServer::SSLOptions server_options;
|
| - server_options.key_exchanges =
|
| - SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
|
| - server_options.enable_npn = true;
|
| - SSLConfig client_config;
|
| - client_config.next_protos.push_back("http/1.1");
|
| - ASSERT_NO_FATAL_FAILURE(
|
| - TestFalseStart(server_options, client_config, true));
|
| -}
|
| -
|
| -// Test that False Start is disabled without NPN.
|
| -TEST_F(SSLClientSocketFalseStartTest, NoNPN) {
|
| - SpawnedTestServer::SSLOptions server_options;
|
| - server_options.key_exchanges =
|
| - SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
|
| - SSLConfig client_config;
|
| - client_config.next_protos.clear();
|
| - ASSERT_NO_FATAL_FAILURE(
|
| - TestFalseStart(server_options, client_config, false));
|
| -}
|
| -
|
| -// Test that False Start is disabled without a forward-secret cipher suite.
|
| -TEST_F(SSLClientSocketFalseStartTest, NoForwardSecrecy) {
|
| - SpawnedTestServer::SSLOptions server_options;
|
| - server_options.key_exchanges =
|
| - SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA;
|
| - server_options.enable_npn = true;
|
| - SSLConfig client_config;
|
| - client_config.next_protos.push_back("http/1.1");
|
| - ASSERT_NO_FATAL_FAILURE(
|
| - TestFalseStart(server_options, client_config, false));
|
| -}
|
| -
|
| -// Test that sessions are resumable after receiving the server Finished message.
|
| -TEST_F(SSLClientSocketFalseStartTest, SessionResumption) {
|
| - // Start a server.
|
| - SpawnedTestServer::SSLOptions server_options;
|
| - server_options.key_exchanges =
|
| - SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
|
| - server_options.enable_npn = true;
|
| - SSLConfig client_config;
|
| - client_config.next_protos.push_back("http/1.1");
|
| -
|
| - // Let a full handshake complete with False Start.
|
| - ASSERT_NO_FATAL_FAILURE(
|
| - TestFalseStart(server_options, client_config, true));
|
| -
|
| - // Make a second connection.
|
| - TestCompletionCallback callback;
|
| - scoped_ptr<StreamSocket> transport2(
|
| - new TCPClientSocket(addr(), &log_, NetLog::Source()));
|
| - EXPECT_EQ(OK, callback.GetResult(transport2->Connect(callback.callback())));
|
| - scoped_ptr<SSLClientSocket> sock2 = CreateSSLClientSocket(
|
| - transport2.Pass(), test_server()->host_port_pair(), client_config);
|
| - ASSERT_TRUE(sock2.get());
|
| - EXPECT_EQ(OK, callback.GetResult(sock2->Connect(callback.callback())));
|
| -
|
| - // It should resume the session.
|
| - SSLInfo ssl_info;
|
| - EXPECT_TRUE(sock2->GetSSLInfo(&ssl_info));
|
| - EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
|
| -}
|
| -
|
| -// Test that sessions are not resumable before receiving the server Finished
|
| -// message.
|
| -TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinish) {
|
| - // Start a server.
|
| - SpawnedTestServer::SSLOptions server_options;
|
| - server_options.key_exchanges =
|
| - SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
|
| - server_options.enable_npn = true;
|
| - ASSERT_TRUE(StartTestServer(server_options));
|
| -
|
| - SSLConfig client_config;
|
| - client_config.next_protos.push_back("http/1.1");
|
| -
|
| - // Start a handshake up to the server Finished message.
|
| - TestCompletionCallback callback;
|
| - FakeBlockingStreamSocket* raw_transport1;
|
| - scoped_ptr<SSLClientSocket> sock1;
|
| - ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
|
| - client_config, &callback, &raw_transport1, &sock1));
|
| - // Although raw_transport1 has the server Finished blocked, the handshake
|
| - // still completes.
|
| - EXPECT_EQ(OK, callback.WaitForResult());
|
| -
|
| - // Drop the old socket. This is needed because the Python test server can't
|
| - // service two sockets in parallel.
|
| - sock1.reset();
|
| -
|
| - // Start a second connection.
|
| - scoped_ptr<StreamSocket> transport2(
|
| - new TCPClientSocket(addr(), &log_, NetLog::Source()));
|
| - EXPECT_EQ(OK, callback.GetResult(transport2->Connect(callback.callback())));
|
| - scoped_ptr<SSLClientSocket> sock2 = CreateSSLClientSocket(
|
| - transport2.Pass(), test_server()->host_port_pair(), client_config);
|
| - EXPECT_EQ(OK, callback.GetResult(sock2->Connect(callback.callback())));
|
| -
|
| - // No session resumption because the first connection never received a server
|
| - // Finished message.
|
| - SSLInfo ssl_info;
|
| - EXPECT_TRUE(sock2->GetSSLInfo(&ssl_info));
|
| - EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
|
| -}
|
| +#endif // USE_OPENSSL
|
|
|
| // Connect to a server using channel id. It should allow the connection.
|
| TEST_F(SSLClientSocketChannelIDTest, SendChannelID) {
|
|
|
Chromium Code Reviews
Issue 662543005:
net: allow False Start only for >= TLS 1.2 && AEAD && forward-secure && ALPN/NPN. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git/+/master