Side by Side Diff: net/socket/ssl_client_socket_unittest.cc

Issue 994263002: Rewrite session cache in OpenSSL ports. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: sleevi comments Created 5 years, 9 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_client_socket.h" 5 #include "net/socket/ssl_client_socket.h"
6 6
7 #include "base/callback_helpers.h" 7 #include "base/callback_helpers.h"
8 #include "base/memory/ref_counted.h" 8 #include "base/memory/ref_counted.h"
9 #include "base/run_loop.h" 9 #include "base/run_loop.h"
10 #include "base/time/time.h" 10 #include "base/time/time.h"
(...skipping 2786 matching lines...)
2797 EXPECT_TRUE(sock->WasEverUsed()); 2797 EXPECT_TRUE(sock->WasEverUsed());
2798 2798
2799 // TODO(davidben): Read one byte to ensure the test server has responded and 2799 // TODO(davidben): Read one byte to ensure the test server has responded and
2800 // then assert IsConnectedAndIdle is false. This currently doesn't work 2800 // then assert IsConnectedAndIdle is false. This currently doesn't work
2801 // because neither SSLClientSocketNSS nor SSLClientSocketOpenSSL check their 2801 // because neither SSLClientSocketNSS nor SSLClientSocketOpenSSL check their
2802 // SSL implementation's internal buffers. Either call PR_Available and 2802 // SSL implementation's internal buffers. Either call PR_Available and
2803 // SSL_pending, although the former isn't actually implemented or perhaps 2803 // SSL_pending, although the former isn't actually implemented or perhaps
2804 // attempt to read one byte extra. 2804 // attempt to read one byte extra.
2805 } 2805 }
2806 2806
2807 // Tests that basic session resumption works.
2808 TEST_F(SSLClientSocketTest, SessionResumption) {
2809 SpawnedTestServer::SSLOptions ssl_options;
2810 ASSERT_TRUE(StartTestServer(ssl_options));
2811
2812 // First, perform a full handshake.
2813 SSLConfig ssl_config;
2814 TestCompletionCallback callback;
2815 scoped_ptr<StreamSocket> transport(
2816 new TCPClientSocket(addr(), &log_, NetLog::Source()));
2817 EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
2818 scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
2819 transport.Pass(), test_server()->host_port_pair(), ssl_config));
2820 EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
2821 SSLInfo ssl_info;
2822 EXPECT_TRUE(sock->GetSSLInfo(&ssl_info));
Ryan Sleevi 2015/03/24 23:47:22 Should this be an ASSERT on 2820? Otherwise isn't
davidben 2015/03/26 20:22:57 Done.
2823 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2824
2825 // The next connection should resume.
2826 transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source()));
2827 EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
Ryan Sleevi 2015/03/24 23:47:22 ASSERT
davidben 2015/03/26 20:22:57 Done.
2828 sock = CreateSSLClientSocket(transport.Pass(),
2829 test_server()->host_port_pair(), ssl_config);
2830 EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
Ryan Sleevi 2015/03/24 23:47:22 ASSERT
davidben 2015/03/26 20:22:57 Done.
2831 EXPECT_TRUE(sock->GetSSLInfo(&ssl_info));
2832 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
2833
2834 // Using a different HostPortPair uses a different session cache key.
Ryan Sleevi 2015/03/24 23:47:22 This doesn't seem right - you use the same underly
davidben 2015/03/26 20:22:57 If NSS only used that as the session cache key, al
2835 transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source()));
2836 EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
Ryan Sleevi 2015/03/24 23:47:22 ASSERT
davidben 2015/03/26 20:22:57 Done.
2837 sock = CreateSSLClientSocket(transport.Pass(),
2838 HostPortPair("example.com", 443), ssl_config);
2839 EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
Ryan Sleevi 2015/03/24 23:47:22 ASSERT
davidben 2015/03/26 20:22:57 Done.
2840 EXPECT_TRUE(sock->GetSSLInfo(&ssl_info));
2841 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2842
2843 SSLClientSocket::ClearSessionCache();
2844
2845 // After clearing the session cache, the next handshake doesn't resume.
2846 transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source()));
2847 EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
2848 sock = CreateSSLClientSocket(transport.Pass(),
2849 test_server()->host_port_pair(), ssl_config);
2850 EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
2851 EXPECT_TRUE(sock->GetSSLInfo(&ssl_info));
2852 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2853 }
2854
2855 // Tests that connections with certificate errors do not add entries to the
2856 // session cache.
2857 TEST_F(SSLClientSocketTest, CertificateErrorNoResume) {
2858 SpawnedTestServer::SSLOptions ssl_options;
2859 ASSERT_TRUE(StartTestServer(ssl_options));
2860
2861 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID);
2862
2863 SSLConfig ssl_config;
2864 TestCompletionCallback callback;
2865 scoped_ptr<StreamSocket> transport(
2866 new TCPClientSocket(addr(), &log_, NetLog::Source()));
2867 EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
2868 scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
2869 transport.Pass(), test_server()->host_port_pair(), ssl_config));
2870 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID,
2871 callback.GetResult(sock->Connect(callback.callback())));
2872
2873 cert_verifier_->set_default_result(OK);
2874
2875 // The next connection should perform a full handshake.
2876 transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source()));
2877 EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
2878 sock = CreateSSLClientSocket(transport.Pass(),
2879 test_server()->host_port_pair(), ssl_config);
2880 EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
2881 SSLInfo ssl_info;
2882 EXPECT_TRUE(sock->GetSSLInfo(&ssl_info));
2883 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2884 }
2885
2807 // Tests that session caches are sharded by max_version. 2886 // Tests that session caches are sharded by max_version.
2808 TEST_F(SSLClientSocketTest, FallbackShardSessionCache) { 2887 TEST_F(SSLClientSocketTest, FallbackShardSessionCache) {
2809 SpawnedTestServer::SSLOptions ssl_options; 2888 SpawnedTestServer::SSLOptions ssl_options;
2810 ASSERT_TRUE(StartTestServer(ssl_options)); 2889 ASSERT_TRUE(StartTestServer(ssl_options));
2811 2890
2812 // Prepare a normal and fallback SSL config. 2891 // Prepare a normal and fallback SSL config.
2813 SSLConfig ssl_config; 2892 SSLConfig ssl_config;
2814 SSLConfig fallback_ssl_config; 2893 SSLConfig fallback_ssl_config;
2815 fallback_ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1; 2894 fallback_ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1;
2816 fallback_ssl_config.version_fallback = true; 2895 fallback_ssl_config.version_fallback = true;
(...skipping 282 matching lines...)
3099 ssl_config.channel_id_enabled = true; 3178 ssl_config.channel_id_enabled = true;
3100 3179
3101 int rv; 3180 int rv;
3102 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 3181 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3103 3182
3104 EXPECT_EQ(ERR_UNEXPECTED, rv); 3183 EXPECT_EQ(ERR_UNEXPECTED, rv);
3105 EXPECT_FALSE(sock_->IsConnected()); 3184 EXPECT_FALSE(sock_->IsConnected());
3106 } 3185 }
3107 3186
3108 } // namespace net 3187 } // namespace net
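Review bot: CertificateErrorNoResume (new lines 2855-2884) has no positive control. Its only evidence is that the connection after the certificate failure reports HANDSHAKE_FULL, which would also be true if nothing were being cached for this server and config during the test. Adding one more connection after the successful one, and expecting HANDSHAKE_RESUME on it, would tie the full handshake to the failed verification rather than to a cache that happens not to work. That keeps the security property under test (a session negotiated with an unverified peer is not reused) from passing vacuously if the server options or cache keying change later. The sketch below appends that connection at the end of the test body.

```cpp
  // … unchanged: failed connection, then the connection that must be a full handshake …
  EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);

  // Positive control: the successful connection above should have populated
  // the session cache, so one more connection to the same server resumes.
  transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source()));
  ASSERT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
  sock = CreateSSLClientSocket(transport.Pass(),
                               test_server()->host_port_pair(), ssl_config);
  ASSERT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
  ASSERT_TRUE(sock->GetSSLInfo(&ssl_info));
  EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
```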