Add TLS-SRP (RFC 5054) support

net/socket/ssl_client_socket_unittest.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket.h"
 
 #include "net/base/address_list.h"
 #include "net/base/cert_verifier.h"
 #include "net/base/host_resolver.h"
 #include "net/base/io_buffer.h"
@@ skipping 265 matching lines @@
 
   EXPECT_EQ(net::OK, rv);
   EXPECT_TRUE(sock->IsConnected());
   log.GetEntries(&entries);
   EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1));
 
   sock->Disconnect();
   EXPECT_FALSE(sock->IsConnected());
 }
 
+// Connect using a certificate to a server that has TLS-SRP enabled. Tests that
+// when we set use_tls_auth=false in SSL config, it doesn't attempt TLS-SRP
+// auth.
+TEST_F(SSLClientSocketTest, ConnectUsingCertWithTLSAuthDisabled) {
+  net::TestServer::HTTPSOptions https_options;
+  https_options.use_tls_srp = true;
+  net::TestServer test_server(https_options, FilePath());
+  ASSERT_TRUE(test_server.Start());
+
+  net::AddressList addr;
+  ASSERT_TRUE(test_server.GetAddressList(&addr));
+
+  TestCompletionCallback callback;
+  net::CapturingNetLog log(net::CapturingNetLog::kUnbounded);
+  net::ClientSocket* transport = new net::TCPClientSocket(
+      addr, &log, net::NetLog::Source());
+  int rv = transport->Connect(&callback);
+  if (rv == net::ERR_IO_PENDING)
+    rv = callback.WaitForResult();
+  EXPECT_EQ(net::OK, rv);
+
+  // Disable TLS-SRP
+  net::SSLConfig ssl_config = kDefaultSSLConfig;
+  ssl_config.use_tls_auth = false;
+
+  scoped_ptr<net::SSLClientSocket> sock(
+      socket_factory_->CreateSSLClientSocket(
+          transport, test_server.host_port_pair(), ssl_config,
+          NULL, cert_verifier_.get()));
+
+  EXPECT_FALSE(sock->IsConnected());
+
+  rv = sock->Connect(&callback);
+
+  net::CapturingNetLog::EntryList entries;
+  log.GetEntries(&entries);
+  EXPECT_TRUE(net::LogContainsBeginEvent(
+      entries, 5, net::NetLog::TYPE_SSL_CONNECT));
+  if (rv == net::ERR_IO_PENDING)
+    rv = callback.WaitForResult();
+  EXPECT_EQ(net::OK, rv);
+
+  EXPECT_TRUE(sock->IsConnected());
+  log.GetEntries(&entries);
+  EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1));
+
+  sock->Disconnect();
+  EXPECT_FALSE(sock->IsConnected());
+}
+
 // TODO(wtc): Add unit tests for IsConnectedAndIdle:
 //   - Server closes an SSL connection (with a close_notify alert message).
 //   - Server closes the underlying TCP connection directly.
 //   - Server sends data unexpectedly.
 
 TEST_F(SSLClientSocketTest, Read) {
   net::TestServer test_server(net::TestServer::TYPE_HTTPS, FilePath());
   ASSERT_TRUE(test_server.Start());
 
   net::AddressList addr;
@@ skipping 316 matching lines @@
   // to being an error such as a certificate name mismatch, which is
   // client-only, the exact index of the SSL connect end depends on how
   // quickly the test server closes the underlying socket. If the test server
   // closes before the IO message loop pumps messages, there may be a 0-byte
   // Read event in the NetLog due to TCPClientSocket picking up the EOF. As a
   // result, the SSL connect end event will be the second-to-last entry,
   // rather than the last entry.
   EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1) ||
               LogContainsSSLConnectEndEvent(entries, -2));
 }