Index: net/socket/ssl_client_socket_unittest.cc |
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc |
index f791928580f60c07bce57cf057d7c0bffed94ecf..c0cbff453eff03834b9510378e9f6d12e00785cc 100644 |
--- a/net/socket/ssl_client_socket_unittest.cc |
+++ b/net/socket/ssl_client_socket_unittest.cc |
@@ -1793,6 +1793,102 @@ TEST_F(SSLClientSocketCertRequestInfoTest, TwoAuthorities) { |
request_info->cert_authorities[1]); |
} |
+TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabled) { |
+ SpawnedTestServer::SSLOptions ssl_options; |
+ ssl_options.signed_cert_timestamps = "test"; |
+ |
+ SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, |
+ ssl_options, |
+ base::FilePath()); |
+ ASSERT_TRUE(test_server.Start()); |
+ |
+ AddressList addr; |
+ ASSERT_TRUE(test_server.GetAddressList(&addr)); |
+ |
+ TestCompletionCallback callback; |
+ CapturingNetLog log; |
+ scoped_ptr<StreamSocket> transport( |
+ new TCPClientSocket(addr, &log, NetLog::Source())); |
+ int rv = transport->Connect(callback.callback()); |
+ if (rv == ERR_IO_PENDING) |
+ rv = callback.WaitForResult(); |
+ EXPECT_EQ(OK, rv); |
+ |
+ SSLConfig ssl_config; |
+ ssl_config.signed_cert_timestamps_enabled = true; |
+ |
+ scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket( |
+ transport.Pass(), test_server.host_port_pair(), ssl_config)); |
+ |
+ EXPECT_FALSE(sock->IsConnected()); |
+ |
+ rv = sock->Connect(callback.callback()); |
+ |
+ CapturingNetLog::CapturedEntryList entries; |
+ log.GetEntries(&entries); |
+ EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); |
+ if (rv == ERR_IO_PENDING) |
+ rv = callback.WaitForResult(); |
+ EXPECT_EQ(OK, rv); |
+ EXPECT_TRUE(sock->IsConnected()); |
+ log.GetEntries(&entries); |
+ EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1)); |
+ |
+#if !defined(USE_OPENSSL) |
+ EXPECT_TRUE(sock->WereSignedCertTimestampsReceived()); |
+#else |
+ // Enabling CT for OpenSSL is currently a noop. |
+ EXPECT_FALSE(sock->WereSignedCertTimestampsReceived()); |
+#endif |
+ |
+ sock->Disconnect(); |
+ EXPECT_FALSE(sock->IsConnected()); |
+} |
+ |
+TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsDisabled) { |
+ SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, |
wtc
2013/11/26 17:32:55
The test_server in this unit test should also have
ekasper
2013/11/26 19:33:54
Good point - I wanted to test that no "SCTs" were
|
+ SpawnedTestServer::kLocalhost, |
+ base::FilePath()); |
+ ASSERT_TRUE(test_server.Start()); |
+ |
+ AddressList addr; |
+ ASSERT_TRUE(test_server.GetAddressList(&addr)); |
+ |
+ TestCompletionCallback callback; |
+ CapturingNetLog log; |
+ scoped_ptr<StreamSocket> transport( |
+ new TCPClientSocket(addr, &log, NetLog::Source())); |
+ int rv = transport->Connect(callback.callback()); |
+ if (rv == ERR_IO_PENDING) |
+ rv = callback.WaitForResult(); |
+ EXPECT_EQ(OK, rv); |
+ |
+ SSLConfig ssl_config; |
+ ssl_config.signed_cert_timestamps_enabled = false; |
+ |
+ scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket( |
+ transport.Pass(), test_server.host_port_pair(), ssl_config)); |
+ |
+ EXPECT_FALSE(sock->IsConnected()); |
+ |
+ rv = sock->Connect(callback.callback()); |
+ |
+ CapturingNetLog::CapturedEntryList entries; |
+ log.GetEntries(&entries); |
+ EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); |
+ if (rv == ERR_IO_PENDING) |
+ rv = callback.WaitForResult(); |
+ EXPECT_EQ(OK, rv); |
+ EXPECT_TRUE(sock->IsConnected()); |
+ log.GetEntries(&entries); |
+ EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1)); |
+ |
+ EXPECT_FALSE(sock->WereSignedCertTimestampsReceived()); |
+ |
+ sock->Disconnect(); |
+ EXPECT_FALSE(sock->IsConnected()); |
+} |
+ |
} // namespace |
} // namespace net |