| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include "base/callback_helpers.h" | 7 #include "base/callback_helpers.h" |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
| 10 #include "base/time/time.h" | 10 #include "base/time/time.h" |
| (...skipping 2333 matching lines...) |
| 2344 EXPECT_EQ(rv, OK); | 2344 EXPECT_EQ(rv, OK); |
| 2345 EXPECT_NE(memcmp(client_out1, client_out2, kKeyingMaterialSize), 0); | 2345 EXPECT_NE(memcmp(client_out1, client_out2, kKeyingMaterialSize), 0); |
| 2346 } | 2346 } |
| 2347 | 2347 |
| 2348 // Verifies that SSLClientSocket::ClearSessionCache can be called without | 2348 // Verifies that SSLClientSocket::ClearSessionCache can be called without |
| 2349 // explicit NSS initialization. | 2349 // explicit NSS initialization. |
| 2350 TEST(SSLClientSocket, ClearSessionCache) { | 2350 TEST(SSLClientSocket, ClearSessionCache) { |
| 2351 SSLClientSocket::ClearSessionCache(); | 2351 SSLClientSocket::ClearSessionCache(); |
| 2352 } | 2352 } |
| 2353 | 2353 |
| 2354 TEST(SSLClientSocket, SerializeNextProtos) { |
| 2355 NextProtoVector next_protos; |
| 2356 next_protos.push_back(kProtoHTTP11); |
| 2357 next_protos.push_back(kProtoSPDY31); |
| 2358 static std::vector<uint8_t> serialized = |
| 2359 SSLClientSocket::SerializeNextProtos(next_protos, true); |
| 2360 ASSERT_EQ(18u, serialized.size()); |
| 2361 EXPECT_EQ(8, serialized[0]); // length("http/1.1") |
| 2362 EXPECT_EQ('h', serialized[1]); |
| 2363 EXPECT_EQ('t', serialized[2]); |
| 2364 EXPECT_EQ('t', serialized[3]); |
| 2365 EXPECT_EQ('p', serialized[4]); |
| 2366 EXPECT_EQ('/', serialized[5]); |
| 2367 EXPECT_EQ('1', serialized[6]); |
| 2368 EXPECT_EQ('.', serialized[7]); |
| 2369 EXPECT_EQ('1', serialized[8]); |
| 2370 EXPECT_EQ(8, serialized[9]); // length("spdy/3.1") |
| 2371 EXPECT_EQ('s', serialized[10]); |
| 2372 EXPECT_EQ('p', serialized[11]); |
| 2373 EXPECT_EQ('d', serialized[12]); |
| 2374 EXPECT_EQ('y', serialized[13]); |
| 2375 EXPECT_EQ('/', serialized[14]); |
| 2376 EXPECT_EQ('3', serialized[15]); |
| 2377 EXPECT_EQ('.', serialized[16]); |
| 2378 EXPECT_EQ('1', serialized[17]); |
| 2379 } |
| 2380 |
| 2354 // Test that the server certificates are properly retrieved from the underlying | 2381 // Test that the server certificates are properly retrieved from the underlying |
| 2355 // SSL stack. | 2382 // SSL stack. |
| 2356 TEST_F(SSLClientSocketTest, VerifyServerChainProperlyOrdered) { | 2383 TEST_F(SSLClientSocketTest, VerifyServerChainProperlyOrdered) { |
| 2357 // The connection does not have to be successful. | 2384 // The connection does not have to be successful. |
| 2358 cert_verifier_->set_default_result(ERR_CERT_INVALID); | 2385 cert_verifier_->set_default_result(ERR_CERT_INVALID); |
| 2359 | 2386 |
| 2360 // Set up a test server with CERT_CHAIN_WRONG_ROOT. | 2387 // Set up a test server with CERT_CHAIN_WRONG_ROOT. |
| 2361 // This makes the server present redundant-server-chain.pem, which contains | 2388 // This makes the server present redundant-server-chain.pem, which contains |
| 2362 // intermediate certificates. | 2389 // intermediate certificates. |
| 2363 SpawnedTestServer::SSLOptions ssl_options( | 2390 SpawnedTestServer::SSLOptions ssl_options( |
| (...skipping 518 matching lines...) |
| 2882 } | 2909 } |
| 2883 | 2910 |
| 2884 TEST_F(SSLClientSocketFalseStartTest, | 2911 TEST_F(SSLClientSocketFalseStartTest, |
| 2885 HandshakeCallbackIsRun_WithFalseStartFailure) { | 2912 HandshakeCallbackIsRun_WithFalseStartFailure) { |
| 2886 // False Start requires NPN and a forward-secret cipher suite. | 2913 // False Start requires NPN and a forward-secret cipher suite. |
| 2887 SpawnedTestServer::SSLOptions server_options; | 2914 SpawnedTestServer::SSLOptions server_options; |
| 2888 server_options.key_exchanges = | 2915 server_options.key_exchanges = |
| 2889 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2916 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| 2890 server_options.enable_npn = true; | 2917 server_options.enable_npn = true; |
| 2891 SSLConfig client_config; | 2918 SSLConfig client_config; |
| 2892 client_config.next_protos.push_back("http/1.1"); | 2919 client_config.next_protos.push_back(kProtoHTTP11); |
| 2893 monitor_handshake_callback_ = true; | 2920 monitor_handshake_callback_ = true; |
| 2894 fail_handshake_after_false_start_ = true; | 2921 fail_handshake_after_false_start_ = true; |
| 2895 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, true)); | 2922 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, true)); |
| 2896 ASSERT_TRUE(ran_handshake_completion_callback_); | 2923 ASSERT_TRUE(ran_handshake_completion_callback_); |
| 2897 } | 2924 } |
| 2898 | 2925 |
| 2899 TEST_F(SSLClientSocketFalseStartTest, | 2926 TEST_F(SSLClientSocketFalseStartTest, |
| 2900 HandshakeCallbackIsRun_WithFalseStartSuccess) { | 2927 HandshakeCallbackIsRun_WithFalseStartSuccess) { |
| 2901 // False Start requires NPN and a forward-secret cipher suite. | 2928 // False Start requires NPN and a forward-secret cipher suite. |
| 2902 SpawnedTestServer::SSLOptions server_options; | 2929 SpawnedTestServer::SSLOptions server_options; |
| 2903 server_options.key_exchanges = | 2930 server_options.key_exchanges = |
| 2904 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2931 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| 2905 server_options.enable_npn = true; | 2932 server_options.enable_npn = true; |
| 2906 SSLConfig client_config; | 2933 SSLConfig client_config; |
| 2907 client_config.next_protos.push_back("http/1.1"); | 2934 client_config.next_protos.push_back(kProtoHTTP11); |
| 2908 monitor_handshake_callback_ = true; | 2935 monitor_handshake_callback_ = true; |
| 2909 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, true)); | 2936 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, true)); |
| 2910 ASSERT_TRUE(ran_handshake_completion_callback_); | 2937 ASSERT_TRUE(ran_handshake_completion_callback_); |
| 2911 } | 2938 } |
| 2912 #endif // defined(USE_OPENSSL) | 2939 #endif // defined(USE_OPENSSL) |
| 2913 | 2940 |
| 2914 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { | 2941 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { |
| 2915 // False Start requires NPN and a forward-secret cipher suite. | 2942 // False Start requires NPN and a forward-secret cipher suite. |
| 2916 SpawnedTestServer::SSLOptions server_options; | 2943 SpawnedTestServer::SSLOptions server_options; |
| 2917 server_options.key_exchanges = | 2944 server_options.key_exchanges = |
| 2918 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2945 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| 2919 server_options.enable_npn = true; | 2946 server_options.enable_npn = true; |
| 2920 SSLConfig client_config; | 2947 SSLConfig client_config; |
| 2921 client_config.next_protos.push_back("http/1.1"); | 2948 client_config.next_protos.push_back(kProtoHTTP11); |
| 2922 ASSERT_NO_FATAL_FAILURE( | 2949 ASSERT_NO_FATAL_FAILURE( |
| 2923 TestFalseStart(server_options, client_config, true)); | 2950 TestFalseStart(server_options, client_config, true)); |
| 2924 } | 2951 } |
| 2925 | 2952 |
| 2926 // Test that False Start is disabled without NPN. | 2953 // Test that False Start is disabled without NPN. |
| 2927 TEST_F(SSLClientSocketFalseStartTest, NoNPN) { | 2954 TEST_F(SSLClientSocketFalseStartTest, NoNPN) { |
| 2928 SpawnedTestServer::SSLOptions server_options; | 2955 SpawnedTestServer::SSLOptions server_options; |
| 2929 server_options.key_exchanges = | 2956 server_options.key_exchanges = |
| 2930 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2957 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| 2931 SSLConfig client_config; | 2958 SSLConfig client_config; |
| 2932 client_config.next_protos.clear(); | 2959 client_config.next_protos.clear(); |
| 2933 ASSERT_NO_FATAL_FAILURE( | 2960 ASSERT_NO_FATAL_FAILURE( |
| 2934 TestFalseStart(server_options, client_config, false)); | 2961 TestFalseStart(server_options, client_config, false)); |
| 2935 } | 2962 } |
| 2936 | 2963 |
| 2937 // Test that False Start is disabled without a forward-secret cipher suite. | 2964 // Test that False Start is disabled without a forward-secret cipher suite. |
| 2938 TEST_F(SSLClientSocketFalseStartTest, NoForwardSecrecy) { | 2965 TEST_F(SSLClientSocketFalseStartTest, NoForwardSecrecy) { |
| 2939 SpawnedTestServer::SSLOptions server_options; | 2966 SpawnedTestServer::SSLOptions server_options; |
| 2940 server_options.key_exchanges = | 2967 server_options.key_exchanges = |
| 2941 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; | 2968 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; |
| 2942 server_options.enable_npn = true; | 2969 server_options.enable_npn = true; |
| 2943 SSLConfig client_config; | 2970 SSLConfig client_config; |
| 2944 client_config.next_protos.push_back("http/1.1"); | 2971 client_config.next_protos.push_back(kProtoHTTP11); |
| 2945 ASSERT_NO_FATAL_FAILURE( | 2972 ASSERT_NO_FATAL_FAILURE( |
| 2946 TestFalseStart(server_options, client_config, false)); | 2973 TestFalseStart(server_options, client_config, false)); |
| 2947 } | 2974 } |
| 2948 | 2975 |
| 2949 // Test that sessions are resumable after receiving the server Finished message. | 2976 // Test that sessions are resumable after receiving the server Finished message. |
| 2950 TEST_F(SSLClientSocketFalseStartTest, SessionResumption) { | 2977 TEST_F(SSLClientSocketFalseStartTest, SessionResumption) { |
| 2951 // Start a server. | 2978 // Start a server. |
| 2952 SpawnedTestServer::SSLOptions server_options; | 2979 SpawnedTestServer::SSLOptions server_options; |
| 2953 server_options.key_exchanges = | 2980 server_options.key_exchanges = |
| 2954 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2981 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| 2955 server_options.enable_npn = true; | 2982 server_options.enable_npn = true; |
| 2956 SSLConfig client_config; | 2983 SSLConfig client_config; |
| 2957 client_config.next_protos.push_back("http/1.1"); | 2984 client_config.next_protos.push_back(kProtoHTTP11); |
| 2958 | 2985 |
| 2959 // Let a full handshake complete with False Start. | 2986 // Let a full handshake complete with False Start. |
| 2960 ASSERT_NO_FATAL_FAILURE( | 2987 ASSERT_NO_FATAL_FAILURE( |
| 2961 TestFalseStart(server_options, client_config, true)); | 2988 TestFalseStart(server_options, client_config, true)); |
| 2962 | 2989 |
| 2963 // Make a second connection. | 2990 // Make a second connection. |
| 2964 TestCompletionCallback callback; | 2991 TestCompletionCallback callback; |
| 2965 scoped_ptr<StreamSocket> transport2( | 2992 scoped_ptr<StreamSocket> transport2( |
| 2966 new TCPClientSocket(addr(), &log_, NetLog::Source())); | 2993 new TCPClientSocket(addr(), &log_, NetLog::Source())); |
| 2967 EXPECT_EQ(OK, callback.GetResult(transport2->Connect(callback.callback()))); | 2994 EXPECT_EQ(OK, callback.GetResult(transport2->Connect(callback.callback()))); |
| (...skipping 12 matching lines...) |
| 2980 // message. | 3007 // message. |
| 2981 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinish) { | 3008 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinish) { |
| 2982 // Start a server. | 3009 // Start a server. |
| 2983 SpawnedTestServer::SSLOptions server_options; | 3010 SpawnedTestServer::SSLOptions server_options; |
| 2984 server_options.key_exchanges = | 3011 server_options.key_exchanges = |
| 2985 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 3012 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| 2986 server_options.enable_npn = true; | 3013 server_options.enable_npn = true; |
| 2987 ASSERT_TRUE(StartTestServer(server_options)); | 3014 ASSERT_TRUE(StartTestServer(server_options)); |
| 2988 | 3015 |
| 2989 SSLConfig client_config; | 3016 SSLConfig client_config; |
| 2990 client_config.next_protos.push_back("http/1.1"); | 3017 client_config.next_protos.push_back(kProtoHTTP11); |
| 2991 | 3018 |
| 2992 // Start a handshake up to the server Finished message. | 3019 // Start a handshake up to the server Finished message. |
| 2993 TestCompletionCallback callback; | 3020 TestCompletionCallback callback; |
| 2994 FakeBlockingStreamSocket* raw_transport1; | 3021 FakeBlockingStreamSocket* raw_transport1; |
| 2995 scoped_ptr<SSLClientSocket> sock1; | 3022 scoped_ptr<SSLClientSocket> sock1; |
| 2996 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived( | 3023 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived( |
| 2997 client_config, &callback, &raw_transport1, &sock1)); | 3024 client_config, &callback, &raw_transport1, &sock1)); |
| 2998 // Although raw_transport1 has the server Finished blocked, the handshake | 3025 // Although raw_transport1 has the server Finished blocked, the handshake |
| 2999 // still completes. | 3026 // still completes. |
| 3000 EXPECT_EQ(OK, callback.WaitForResult()); | 3027 EXPECT_EQ(OK, callback.WaitForResult()); |
| (...skipping 72 matching lines...) |
| 3073 ssl_config.channel_id_enabled = true; | 3100 ssl_config.channel_id_enabled = true; |
| 3074 | 3101 |
| 3075 int rv; | 3102 int rv; |
| 3076 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 3103 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 3077 | 3104 |
| 3078 EXPECT_EQ(ERR_UNEXPECTED, rv); | 3105 EXPECT_EQ(ERR_UNEXPECTED, rv); |
| 3079 EXPECT_FALSE(sock_->IsConnected()); | 3106 EXPECT_FALSE(sock_->IsConnected()); |
| 3080 } | 3107 } |
| 3081 | 3108 |
| 3082 } // namespace net | 3109 } // namespace net |
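Review bot: In the added SerializeNextProtos test (new lines 2354–2379), `serialized` is declared `static`, so it is initialised once per process and a repeated run of the test in the same process would re-check the first result instead of calling the serializer again. A plain local avoids that: `const std::vector<uint8_t> serialized = SSLClientSocket::SerializeNextProtos(next_protos, true);`. The bare `true` at the call site is unexplained and its meaning is not visible on this page, so a short inline comment naming the parameter would help the next reader. The test pins only the two-protocol happy path of a buffer that, per the asserted `8` before each name, uses one-byte length prefixes. Cases for an empty list and for a name too long for that prefix would document how the serializer, which is outside this page, is expected to behave before the bytes reach the TLS handshake.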
| OLD | NEW |