| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include "base/callback_helpers.h" | 7 #include "base/callback_helpers.h" |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "net/base/address_list.h" | 9 #include "net/base/address_list.h" |
| 10 #include "net/base/io_buffer.h" | 10 #include "net/base/io_buffer.h" |
| (...skipping 1775 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1786 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options); | 1786 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options); |
| 1787 ASSERT_TRUE(request_info.get()); | 1787 ASSERT_TRUE(request_info.get()); |
| 1788 ASSERT_EQ(2u, request_info->cert_authorities.size()); | 1788 ASSERT_EQ(2u, request_info->cert_authorities.size()); |
| 1789 EXPECT_EQ(std::string(reinterpret_cast<const char*>(kThawteDN), kThawteLen), | 1789 EXPECT_EQ(std::string(reinterpret_cast<const char*>(kThawteDN), kThawteLen), |
| 1790 request_info->cert_authorities[0]); | 1790 request_info->cert_authorities[0]); |
| 1791 EXPECT_EQ( | 1791 EXPECT_EQ( |
| 1792 std::string(reinterpret_cast<const char*>(kDiginotarDN), kDiginotarLen), | 1792 std::string(reinterpret_cast<const char*>(kDiginotarDN), kDiginotarLen), |
| 1793 request_info->cert_authorities[1]); | 1793 request_info->cert_authorities[1]); |
| 1794 } | 1794 } |
| 1795 | 1795 |
| 1796 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabled) { | 1796 } // namespace |
| 1797 |
| 1798 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabledTLSExtension) { |
| 1797 SpawnedTestServer::SSLOptions ssl_options; | 1799 SpawnedTestServer::SSLOptions ssl_options; |
| 1798 ssl_options.signed_cert_timestamps = "test"; | 1800 ssl_options.signed_cert_timestamps_tls_ext = "test"; |
| 1799 | 1801 |
| 1800 SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, | 1802 SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, |
| 1801 ssl_options, | 1803 ssl_options, |
| 1802 base::FilePath()); | 1804 base::FilePath()); |
| 1803 ASSERT_TRUE(test_server.Start()); | 1805 ASSERT_TRUE(test_server.Start()); |
| 1804 | 1806 |
| 1805 AddressList addr; | 1807 AddressList addr; |
| 1806 ASSERT_TRUE(test_server.GetAddressList(&addr)); | 1808 ASSERT_TRUE(test_server.GetAddressList(&addr)); |
| 1807 | 1809 |
| 1808 TestCompletionCallback callback; | 1810 TestCompletionCallback callback; |
| (...skipping 19 matching lines...) Expand all Loading... |
| 1828 log.GetEntries(&entries); | 1830 log.GetEntries(&entries); |
| 1829 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); | 1831 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); |
| 1830 if (rv == ERR_IO_PENDING) | 1832 if (rv == ERR_IO_PENDING) |
| 1831 rv = callback.WaitForResult(); | 1833 rv = callback.WaitForResult(); |
| 1832 EXPECT_EQ(OK, rv); | 1834 EXPECT_EQ(OK, rv); |
| 1833 EXPECT_TRUE(sock->IsConnected()); | 1835 EXPECT_TRUE(sock->IsConnected()); |
| 1834 log.GetEntries(&entries); | 1836 log.GetEntries(&entries); |
| 1835 EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1)); | 1837 EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1)); |
| 1836 | 1838 |
| 1837 #if !defined(USE_OPENSSL) | 1839 #if !defined(USE_OPENSSL) |
| 1838 EXPECT_TRUE(sock->WereSignedCertTimestampsReceived()); | 1840 EXPECT_TRUE(sock->signed_cert_timestamps_received_); |
| 1839 #else | 1841 #else |
| 1840 // Enabling CT for OpenSSL is currently a noop. | 1842 // Enabling CT for OpenSSL is currently a noop. |
| 1841 EXPECT_FALSE(sock->WereSignedCertTimestampsReceived()); | 1843 EXPECT_FALSE(sock->signed_cert_timestamps_received_); |
| 1842 #endif | 1844 #endif |
| 1843 | 1845 |
| 1844 sock->Disconnect(); | 1846 sock->Disconnect(); |
| 1847 EXPECT_FALSE(sock->IsConnected()); |
| 1848 } |
| 1849 |
| 1850 // Test that enabling Signed Certificate Timestamps enables OCSP stapling. |
| 1851 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabledOCSP) { |
| 1852 SpawnedTestServer::SSLOptions ssl_options; |
| 1853 ssl_options.staple_ocsp_response = true; |
| 1854 // The test server currently only knows how to generate OCSP responses |
| 1855 // for a freshly minted certificate. |
| 1856 ssl_options.server_certificate = SpawnedTestServer::SSLOptions::CERT_AUTO; |
| 1857 |
| 1858 SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, |
| 1859 ssl_options, |
| 1860 base::FilePath()); |
| 1861 ASSERT_TRUE(test_server.Start()); |
| 1862 |
| 1863 AddressList addr; |
| 1864 ASSERT_TRUE(test_server.GetAddressList(&addr)); |
| 1865 |
| 1866 TestCompletionCallback callback; |
| 1867 CapturingNetLog log; |
| 1868 scoped_ptr<StreamSocket> transport( |
| 1869 new TCPClientSocket(addr, &log, NetLog::Source())); |
| 1870 int rv = transport->Connect(callback.callback()); |
| 1871 if (rv == ERR_IO_PENDING) |
| 1872 rv = callback.WaitForResult(); |
| 1873 EXPECT_EQ(OK, rv); |
| 1874 |
| 1875 SSLConfig ssl_config; |
| 1876 // Enabling Signed Cert Timestamps ensures we request OCSP stapling for |
| 1877 // Certificate Transparency verification regardless of whether the platform |
| 1878 // is able to process the OCSP status itself. |
| 1879 ssl_config.signed_cert_timestamps_enabled = true; |
| 1880 |
| 1881 scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket( |
| 1882 transport.Pass(), test_server.host_port_pair(), ssl_config)); |
| 1883 |
| 1884 EXPECT_FALSE(sock->IsConnected()); |
| 1885 |
| 1886 rv = sock->Connect(callback.callback()); |
| 1887 |
| 1888 CapturingNetLog::CapturedEntryList entries; |
| 1889 log.GetEntries(&entries); |
| 1890 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); |
| 1891 if (rv == ERR_IO_PENDING) |
| 1892 rv = callback.WaitForResult(); |
| 1893 EXPECT_EQ(OK, rv); |
| 1894 EXPECT_TRUE(sock->IsConnected()); |
| 1895 log.GetEntries(&entries); |
| 1896 EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1)); |
| 1897 |
| 1898 #if !defined(USE_OPENSSL) |
| 1899 EXPECT_TRUE(sock->stapled_ocsp_response_received_); |
| 1900 #else |
| 1901 // OCSP stapling isn't currently supported in the OpenSSL socket. |
| 1902 EXPECT_FALSE(sock->stapled_ocsp_response_received_); |
| 1903 #endif |
| 1904 |
| 1905 sock->Disconnect(); |
| 1845 EXPECT_FALSE(sock->IsConnected()); | 1906 EXPECT_FALSE(sock->IsConnected()); |
| 1846 } | 1907 } |
| 1847 | 1908 |
| 1848 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsDisabled) { | 1909 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsDisabled) { |
| 1849 SpawnedTestServer::SSLOptions ssl_options; | 1910 SpawnedTestServer::SSLOptions ssl_options; |
| 1850 ssl_options.signed_cert_timestamps = "test"; | 1911 ssl_options.signed_cert_timestamps_tls_ext = "test"; |
| 1851 | 1912 |
| 1852 SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, | 1913 SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, |
| 1853 ssl_options, | 1914 ssl_options, |
| 1854 base::FilePath()); | 1915 base::FilePath()); |
| 1855 ASSERT_TRUE(test_server.Start()); | 1916 ASSERT_TRUE(test_server.Start()); |
| 1856 | 1917 |
| 1857 AddressList addr; | 1918 AddressList addr; |
| 1858 ASSERT_TRUE(test_server.GetAddressList(&addr)); | 1919 ASSERT_TRUE(test_server.GetAddressList(&addr)); |
| 1859 | 1920 |
| 1860 TestCompletionCallback callback; | 1921 TestCompletionCallback callback; |
| (...skipping 18 matching lines...) Expand all Loading... |
| 1879 CapturingNetLog::CapturedEntryList entries; | 1940 CapturingNetLog::CapturedEntryList entries; |
| 1880 log.GetEntries(&entries); | 1941 log.GetEntries(&entries); |
| 1881 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); | 1942 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); |
| 1882 if (rv == ERR_IO_PENDING) | 1943 if (rv == ERR_IO_PENDING) |
| 1883 rv = callback.WaitForResult(); | 1944 rv = callback.WaitForResult(); |
| 1884 EXPECT_EQ(OK, rv); | 1945 EXPECT_EQ(OK, rv); |
| 1885 EXPECT_TRUE(sock->IsConnected()); | 1946 EXPECT_TRUE(sock->IsConnected()); |
| 1886 log.GetEntries(&entries); | 1947 log.GetEntries(&entries); |
| 1887 EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1)); | 1948 EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1)); |
| 1888 | 1949 |
| 1889 EXPECT_FALSE(sock->WereSignedCertTimestampsReceived()); | 1950 EXPECT_FALSE(sock->signed_cert_timestamps_received_); |
| 1890 | 1951 |
| 1891 sock->Disconnect(); | 1952 sock->Disconnect(); |
| 1892 EXPECT_FALSE(sock->IsConnected()); | 1953 EXPECT_FALSE(sock->IsConnected()); |
| 1893 } | 1954 } |
| 1894 | 1955 |
| 1895 } // namespace | |
| 1896 | |
| 1897 } // namespace net | 1956 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 92443002:
Extract Certificate Transparency SCTs from stapled OCSP responses (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@extract_scts