Index: net/socket/ssl_client_socket_unittest.cc |
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc |
index 0e667c689410adbf84cbb0c4ad13edb62ed4e1d4..c919c4a84b663e0d81a00444ae09800459769e00 100644 |
--- a/net/socket/ssl_client_socket_unittest.cc |
+++ b/net/socket/ssl_client_socket_unittest.cc |
@@ -1793,9 +1793,9 @@ TEST_F(SSLClientSocketCertRequestInfoTest, TwoAuthorities) { |
request_info->cert_authorities[1]); |
} |
-TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabled) { |
+TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabledTLSExtension) { |
SpawnedTestServer::SSLOptions ssl_options; |
- ssl_options.signed_cert_timestamps = "test"; |
+ ssl_options.signed_cert_timestamps_tls_ext = "test"; |
SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, |
ssl_options, |
@@ -1845,9 +1845,68 @@ TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabled) { |
EXPECT_FALSE(sock->IsConnected()); |
} |
+// Test that enabling Signed Certificate Timestamps enables OCSP stapling. |
+TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabledOCSP) { |
+ SpawnedTestServer::SSLOptions ssl_options; |
+ ssl_options.staple_ocsp_response = true; |
+ // The test server currently only knows how to generate OCSP responses |
+ // for a freshly minted certificate. |
+ ssl_options.server_certificate = SpawnedTestServer::SSLOptions::CERT_AUTO; |
+ |
+ SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, |
+ ssl_options, |
+ base::FilePath()); |
+ ASSERT_TRUE(test_server.Start()); |
+ |
+ AddressList addr; |
+ ASSERT_TRUE(test_server.GetAddressList(&addr)); |
+ |
+ TestCompletionCallback callback; |
+ CapturingNetLog log; |
+ scoped_ptr<StreamSocket> transport( |
+ new TCPClientSocket(addr, &log, NetLog::Source())); |
+ int rv = transport->Connect(callback.callback()); |
+ if (rv == ERR_IO_PENDING) |
+ rv = callback.WaitForResult(); |
+ EXPECT_EQ(OK, rv); |
+ |
+ SSLConfig ssl_config; |
+ // Enabling Signed Cert Timestamps ensures we request stapled OCSP for |
wtc
2013/12/10 04:23:17
Nit: stapled OCSP => OCSP stapling
ekasper
2013/12/10 14:45:20
Done.
|
+ // Certificate Transparency verification regardless of whether the platform |
+ // is able to process the OCSP status itself. |
wtc
2013/12/10 04:23:17
Nit: OCSP status => OCSP response.
ekasper
2013/12/10 14:45:20
Hm, no, I meant "OCSP status" as in revocation sta
wtc
2013/12/12 02:31:45
I see. I found "OCSP status" a little ambiguous be
|
+ ssl_config.signed_cert_timestamps_enabled = true; |
+ |
+ scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket( |
+ transport.Pass(), test_server.host_port_pair(), ssl_config)); |
+ |
+ EXPECT_FALSE(sock->IsConnected()); |
+ |
+ rv = sock->Connect(callback.callback()); |
+ |
+ CapturingNetLog::CapturedEntryList entries; |
+ log.GetEntries(&entries); |
+ EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); |
+ if (rv == ERR_IO_PENDING) |
+ rv = callback.WaitForResult(); |
+ EXPECT_EQ(OK, rv); |
+ EXPECT_TRUE(sock->IsConnected()); |
+ log.GetEntries(&entries); |
+ EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1)); |
+ |
+#if !defined(USE_OPENSSL) |
+ EXPECT_TRUE(sock->WasStapledOCSPResponseReceived()); |
+#else |
+ // OCSP stapling isn't currently supported in the OpenSSL socket. |
+ EXPECT_FALSE(sock->WasStapledOCSPResponseReceived()); |
+#endif |
+ |
+ sock->Disconnect(); |
+ EXPECT_FALSE(sock->IsConnected()); |
+} |
+ |
TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsDisabled) { |
SpawnedTestServer::SSLOptions ssl_options; |
- ssl_options.signed_cert_timestamps = "test"; |
+ ssl_options.signed_cert_timestamps_tls_ext = "test"; |
SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, |
ssl_options, |