Chromium Code Reviews Chromium Code Reviews
Issue 92443002:
Extract Certificate Transparency SCTs from stapled OCSP responses (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@extract_scts| Index: net/socket/ssl_client_socket_unittest.cc |
| diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc |
| index 0e667c689410adbf84cbb0c4ad13edb62ed4e1d4..fba503bccb79f45fb0e013b4031a106598b7b847 100644 |
| --- a/net/socket/ssl_client_socket_unittest.cc |
| +++ b/net/socket/ssl_client_socket_unittest.cc |
| @@ -1793,9 +1793,64 @@ TEST_F(SSLClientSocketCertRequestInfoTest, TwoAuthorities) { |
| request_info->cert_authorities[1]); |
| } |
| -TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabled) { |
| +TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabledTLSExtension) { |
| SpawnedTestServer::SSLOptions ssl_options; |
| - ssl_options.signed_cert_timestamps = "test"; |
| + ssl_options.signed_cert_timestamps_tls_ext = "test"; |
| + |
| + SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, |
| + ssl_options, |
| + base::FilePath()); |
| + ASSERT_TRUE(test_server.Start()); |
| + |
| + AddressList addr; |
| + ASSERT_TRUE(test_server.GetAddressList(&addr)); |
| + |
| + TestCompletionCallback callback; |
| + CapturingNetLog log; |
| + scoped_ptr<StreamSocket> transport( |
| + new TCPClientSocket(addr, &log, NetLog::Source())); |
| + int rv = transport->Connect(callback.callback()); |
| + if (rv == ERR_IO_PENDING) |
| + rv = callback.WaitForResult(); |
| + EXPECT_EQ(OK, rv); |
| + |
| + SSLConfig ssl_config; |
| + ssl_config.signed_cert_timestamps_enabled = true; |
| + |
| + scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket( |
| + transport.Pass(), test_server.host_port_pair(), ssl_config)); |
| + |
| + EXPECT_FALSE(sock->IsConnected()); |
| + |
| + rv = sock->Connect(callback.callback()); |
| + |
| + CapturingNetLog::CapturedEntryList entries; |
| + log.GetEntries(&entries); |
| + EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); |
| + if (rv == ERR_IO_PENDING) |
| + rv = callback.WaitForResult(); |
| + EXPECT_EQ(OK, rv); |
| + EXPECT_TRUE(sock->IsConnected()); |
| + log.GetEntries(&entries); |
| + EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1)); |
| + |
| +#if !defined(USE_OPENSSL) |
| + EXPECT_TRUE(sock->WereSignedCertTimestampsReceived()); |
| +#else |
| + // Enabling CT for OpenSSL is currently a noop. |
| + EXPECT_FALSE(sock->WereSignedCertTimestampsReceived()); |
| +#endif |
| + |
| + sock->Disconnect(); |
| + EXPECT_FALSE(sock->IsConnected()); |
| +} |
| + |
| +TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabledOCSP) { |
| + SpawnedTestServer::SSLOptions ssl_options; |
| + ssl_options.signed_cert_timestamps_ocsp = "test"; |
| + // The test server currently only knows how to generate OCSP responses |
| + // for a freshly minted certificate. |
| + ssl_options.server_certificate = SpawnedTestServer::SSLOptions::CERT_AUTO; |
| SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, |
| ssl_options, |
| @@ -1847,7 +1902,8 @@ TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabled) { |
| TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsDisabled) { |
| SpawnedTestServer::SSLOptions ssl_options; |
| - ssl_options.signed_cert_timestamps = "test"; |
| + ssl_options.signed_cert_timestamps_tls_ext = "test"; |
| + ssl_options.signed_cert_timestamps_tls_ext = "test2"; |
|
wtc
2013/12/03 21:04:25
BUG: I think you meant to assign "test2" to ssl_op
ekasper
2013/12/04 19:25:15
I did but this has gone away as I've reverted Were
|
| SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, |
| ssl_options, |
