| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include "base/callback_helpers.h" | 7 #include "base/callback_helpers.h" |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
| 10 #include "base/time/time.h" | 10 #include "base/time/time.h" |
| (...skipping 2797 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2808 EXPECT_TRUE(sock->WasEverUsed()); | 2808 EXPECT_TRUE(sock->WasEverUsed()); |
| 2809 | 2809 |
| 2810 // TODO(davidben): Read one byte to ensure the test server has responded and | 2810 // TODO(davidben): Read one byte to ensure the test server has responded and |
| 2811 // then assert IsConnectedAndIdle is false. This currently doesn't work | 2811 // then assert IsConnectedAndIdle is false. This currently doesn't work |
| 2812 // because neither SSLClientSocketNSS nor SSLClientSocketOpenSSL check their | 2812 // because neither SSLClientSocketNSS nor SSLClientSocketOpenSSL check their |
| 2813 // SSL implementation's internal buffers. Either call PR_Available and | 2813 // SSL implementation's internal buffers. Either call PR_Available and |
| 2814 // SSL_pending, although the former isn't actually implemented or perhaps | 2814 // SSL_pending, although the former isn't actually implemented or perhaps |
| 2815 // attempt to read one byte extra. | 2815 // attempt to read one byte extra. |
| 2816 } | 2816 } |
| 2817 | 2817 |
| 2818 // Tests that basic session resumption works. |
| 2819 TEST_F(SSLClientSocketTest, SessionResumption) { |
| 2820 SpawnedTestServer::SSLOptions ssl_options; |
| 2821 ASSERT_TRUE(StartTestServer(ssl_options)); |
| 2822 |
| 2823 // First, perform a full handshake. |
| 2824 SSLConfig ssl_config; |
| 2825 TestCompletionCallback callback; |
| 2826 scoped_ptr<StreamSocket> transport( |
| 2827 new TCPClientSocket(addr(), &log_, NetLog::Source())); |
| 2828 EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback()))); |
| 2829 scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket( |
| 2830 transport.Pass(), test_server()->host_port_pair(), ssl_config)); |
| 2831 EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback()))); |
| 2832 SSLInfo ssl_info; |
| 2833 EXPECT_TRUE(sock->GetSSLInfo(&ssl_info)); |
| 2834 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); |
| 2835 |
| 2836 // The next connection should resume. |
| 2837 transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source())); |
| 2838 EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback()))); |
| 2839 sock = CreateSSLClientSocket(transport.Pass(), |
| 2840 test_server()->host_port_pair(), ssl_config); |
| 2841 EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback()))); |
| 2842 EXPECT_TRUE(sock->GetSSLInfo(&ssl_info)); |
| 2843 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); |
| 2844 |
| 2845 // Using a different HostPortPair uses a different session cache key. |
| 2846 transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source())); |
| 2847 EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback()))); |
| 2848 sock = CreateSSLClientSocket(transport.Pass(), |
| 2849 HostPortPair("example.com", 443), ssl_config); |
| 2850 EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback()))); |
| 2851 EXPECT_TRUE(sock->GetSSLInfo(&ssl_info)); |
| 2852 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); |
| 2853 |
| 2854 SSLClientSocket::ClearSessionCache(); |
| 2855 |
| 2856 // After clearing the session cache, the next handshake doesn't resume. |
| 2857 transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source())); |
| 2858 EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback()))); |
| 2859 sock = CreateSSLClientSocket(transport.Pass(), |
| 2860 test_server()->host_port_pair(), ssl_config); |
| 2861 EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback()))); |
| 2862 EXPECT_TRUE(sock->GetSSLInfo(&ssl_info)); |
| 2863 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); |
| 2864 } |
| 2865 |
| 2866 // Tests that connections with certificate errors do not add entries to the |
| 2867 // session cache. |
| 2868 TEST_F(SSLClientSocketTest, CertificateErrorNoResume) { |
| 2869 SpawnedTestServer::SSLOptions ssl_options; |
| 2870 ASSERT_TRUE(StartTestServer(ssl_options)); |
| 2871 |
| 2872 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID); |
| 2873 |
| 2874 SSLConfig ssl_config; |
| 2875 TestCompletionCallback callback; |
| 2876 scoped_ptr<StreamSocket> transport( |
| 2877 new TCPClientSocket(addr(), &log_, NetLog::Source())); |
| 2878 EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback()))); |
| 2879 scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket( |
| 2880 transport.Pass(), test_server()->host_port_pair(), ssl_config)); |
| 2881 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, |
| 2882 callback.GetResult(sock->Connect(callback.callback()))); |
| 2883 |
| 2884 cert_verifier_->set_default_result(OK); |
| 2885 |
| 2886 // The next connection should perform a full handshake. |
| 2887 transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source())); |
| 2888 EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback()))); |
| 2889 sock = CreateSSLClientSocket(transport.Pass(), |
| 2890 test_server()->host_port_pair(), ssl_config); |
| 2891 EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback()))); |
| 2892 SSLInfo ssl_info; |
| 2893 EXPECT_TRUE(sock->GetSSLInfo(&ssl_info)); |
| 2894 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); |
| 2895 } |
| 2896 |
| 2818 // Tests that session caches are sharded by max_version. | 2897 // Tests that session caches are sharded by max_version. |
| 2819 TEST_F(SSLClientSocketTest, FallbackShardSessionCache) { | 2898 TEST_F(SSLClientSocketTest, FallbackShardSessionCache) { |
| 2820 SpawnedTestServer::SSLOptions ssl_options; | 2899 SpawnedTestServer::SSLOptions ssl_options; |
| 2821 ASSERT_TRUE(StartTestServer(ssl_options)); | 2900 ASSERT_TRUE(StartTestServer(ssl_options)); |
| 2822 | 2901 |
| 2823 // Prepare a normal and fallback SSL config. | 2902 // Prepare a normal and fallback SSL config. |
| 2824 SSLConfig ssl_config; | 2903 SSLConfig ssl_config; |
| 2825 SSLConfig fallback_ssl_config; | 2904 SSLConfig fallback_ssl_config; |
| 2826 fallback_ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1; | 2905 fallback_ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1; |
| 2827 fallback_ssl_config.version_fallback = true; | 2906 fallback_ssl_config.version_fallback = true; |
| (...skipping 438 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3266 ssl_config.channel_id_enabled = true; | 3345 ssl_config.channel_id_enabled = true; |
| 3267 | 3346 |
| 3268 int rv; | 3347 int rv; |
| 3269 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 3348 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 3270 | 3349 |
| 3271 EXPECT_EQ(ERR_UNEXPECTED, rv); | 3350 EXPECT_EQ(ERR_UNEXPECTED, rv); |
| 3272 EXPECT_FALSE(sock_->IsConnected()); | 3351 EXPECT_FALSE(sock_->IsConnected()); |
| 3273 } | 3352 } |
| 3274 | 3353 |
| 3275 } // namespace net | 3354 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 994263002:
Rewrite session cache in OpenSSL ports. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master