| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include "base/callback_helpers.h" | 7 #include "base/callback_helpers.h" |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
| 10 #include "base/time/time.h" | 10 #include "base/time/time.h" |
| (...skipping 2786 matching lines...) | |
| 2797 EXPECT_TRUE(sock->WasEverUsed()); | 2797 EXPECT_TRUE(sock->WasEverUsed()); |
| 2798 | 2798 |
| 2799 // TODO(davidben): Read one byte to ensure the test server has responded and | 2799 // TODO(davidben): Read one byte to ensure the test server has responded and |
| 2800 // then assert IsConnectedAndIdle is false. This currently doesn't work | 2800 // then assert IsConnectedAndIdle is false. This currently doesn't work |
| 2801 // because neither SSLClientSocketNSS nor SSLClientSocketOpenSSL check their | 2801 // because neither SSLClientSocketNSS nor SSLClientSocketOpenSSL check their |
| 2802 // SSL implementation's internal buffers. Either call PR_Available and | 2802 // SSL implementation's internal buffers. Either call PR_Available and |
| 2803 // SSL_pending, although the former isn't actually implemented or perhaps | 2803 // SSL_pending, although the former isn't actually implemented or perhaps |
| 2804 // attempt to read one byte extra. | 2804 // attempt to read one byte extra. |
| 2805 } | 2805 } |
| 2806 | 2806 |
| 2807 // Tests that basic session resumption works. | |
| 2808 TEST_F(SSLClientSocketTest, SessionResumption) { | |
| 2809 SpawnedTestServer::SSLOptions ssl_options; | |
| 2810 ASSERT_TRUE(StartTestServer(ssl_options)); | |
| 2811 | |
| 2812 // First, perform a full handshake. | |
| 2813 SSLConfig ssl_config; | |
| 2814 TestCompletionCallback callback; | |
| 2815 scoped_ptr<StreamSocket> transport( | |
| 2816 new TCPClientSocket(addr(), &log_, NetLog::Source())); | |
| 2817 ASSERT_EQ(OK, callback.GetResult(transport->Connect(callback.callback()))); | |
| 2818 scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket( | |
| 2819 transport.Pass(), test_server()->host_port_pair(), ssl_config)); | |
| 2820 ASSERT_EQ(OK, callback.GetResult(sock->Connect(callback.callback()))); | |
| 2821 SSLInfo ssl_info; | |
| 2822 ASSERT_TRUE(sock->GetSSLInfo(&ssl_info)); | |
| 2823 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | |
| 2824 | |
| 2825 // The next connection should resume. | |
| 2826 transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source())); | |
| 2827 ASSERT_EQ(OK, callback.GetResult(transport->Connect(callback.callback()))); | |
| 2828 sock = CreateSSLClientSocket(transport.Pass(), | |
| 2829 test_server()->host_port_pair(), ssl_config); | |
| 2830 ASSERT_EQ(OK, callback.GetResult(sock->Connect(callback.callback()))); | |
| 2831 ASSERT_TRUE(sock->GetSSLInfo(&ssl_info)); | |
| 2832 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); | |
| 2833 | |
| 2834 // Using a different HostPortPair uses a different session cache key. | |
| 2835 transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source())); | |
| 2836 ASSERT_EQ(OK, callback.GetResult(transport->Connect(callback.callback()))); | |
| 2837 sock = CreateSSLClientSocket(transport.Pass(), | |
| 2838 HostPortPair("example.com", 443), ssl_config); | |
| 2839 ASSERT_EQ(OK, callback.GetResult(sock->Connect(callback.callback()))); | |
| 2840 ASSERT_TRUE(sock->GetSSLInfo(&ssl_info)); | |
| 2841 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | |
| 2842 | |
| 2843 SSLClientSocket::ClearSessionCache(); | |
| 2844 | |
| 2845 // After clearing the session cache, the next handshake doesn't resume. | |
| 2846 transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source())); | |
| 2847 ASSERT_EQ(OK, callback.GetResult(transport->Connect(callback.callback()))); | |
| 2848 sock = CreateSSLClientSocket(transport.Pass(), | |
| 2849 test_server()->host_port_pair(), ssl_config); | |
| 2850 ASSERT_EQ(OK, callback.GetResult(sock->Connect(callback.callback()))); | |
| 2851 ASSERT_TRUE(sock->GetSSLInfo(&ssl_info)); | |
| 2852 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | |
| 2853 } | |
| 2854 | |
| 2855 // Tests that connections with certificate errors do not add entries to the | |
| 2856 // session cache. | |
| 2857 TEST_F(SSLClientSocketTest, CertificateErrorNoResume) { | |
| 2858 SpawnedTestServer::SSLOptions ssl_options; | |
| 2859 ASSERT_TRUE(StartTestServer(ssl_options)); | |
| 2860 | |
| 2861 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID); | |
| 2862 | |
| 2863 SSLConfig ssl_config; | |
| 2864 TestCompletionCallback callback; | |
| 2865 scoped_ptr<StreamSocket> transport( | |
| 2866 new TCPClientSocket(addr(), &log_, NetLog::Source())); | |
| 2867 ASSERT_EQ(OK, callback.GetResult(transport->Connect(callback.callback()))); | |
| 2868 scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket( | |
| 2869 transport.Pass(), test_server()->host_port_pair(), ssl_config)); | |
| 2870 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, | |
| 2871 callback.GetResult(sock->Connect(callback.callback()))); | |
| 2872 | |
| 2873 cert_verifier_->set_default_result(OK); | |
| 2874 | |
| 2875 // The next connection should perform a full handshake. | |
| 2876 transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source())); | |
| 2877 ASSERT_EQ(OK, callback.GetResult(transport->Connect(callback.callback()))); | |
| 2878 sock = CreateSSLClientSocket(transport.Pass(), | |
| 2879 test_server()->host_port_pair(), ssl_config); | |
| 2880 ASSERT_EQ(OK, callback.GetResult(sock->Connect(callback.callback()))); | |
| 2881 SSLInfo ssl_info; | |
| 2882 ASSERT_TRUE(sock->GetSSLInfo(&ssl_info)); | |
| 2883 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | |
| 2884 } | |
| 2885 | |
| 2807 // Tests that session caches are sharded by max_version. | 2886 // Tests that session caches are sharded by max_version. |
| 2808 TEST_F(SSLClientSocketTest, FallbackShardSessionCache) { | 2887 TEST_F(SSLClientSocketTest, FallbackShardSessionCache) { |
| 2809 SpawnedTestServer::SSLOptions ssl_options; | 2888 SpawnedTestServer::SSLOptions ssl_options; |
| 2810 ASSERT_TRUE(StartTestServer(ssl_options)); | 2889 ASSERT_TRUE(StartTestServer(ssl_options)); |
| 2811 | 2890 |
| 2812 // Prepare a normal and fallback SSL config. | 2891 // Prepare a normal and fallback SSL config. |
| 2813 SSLConfig ssl_config; | 2892 SSLConfig ssl_config; |
| 2814 SSLConfig fallback_ssl_config; | 2893 SSLConfig fallback_ssl_config; |
| 2815 fallback_ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1; | 2894 fallback_ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1; |
| 2816 fallback_ssl_config.version_fallback = true; | 2895 fallback_ssl_config.version_fallback = true; |
| (...skipping 159 matching lines...) | |
| 2976 EXPECT_EQ(OK, callback.GetResult(sock2->Connect(callback.callback()))); | 3055 EXPECT_EQ(OK, callback.GetResult(sock2->Connect(callback.callback()))); |
| 2977 | 3056 |
| 2978 // It should resume the session. | 3057 // It should resume the session. |
| 2979 SSLInfo ssl_info; | 3058 SSLInfo ssl_info; |
| 2980 EXPECT_TRUE(sock2->GetSSLInfo(&ssl_info)); | 3059 EXPECT_TRUE(sock2->GetSSLInfo(&ssl_info)); |
| 2981 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); | 3060 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); |
| 2982 } | 3061 } |
| 2983 | 3062 |
| 2984 // Test that sessions are not resumable before receiving the server Finished | 3063 // Test that sessions are not resumable before receiving the server Finished |
| 2985 // message. | 3064 // message. |
| 2986 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinish) { | 3065 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinish) { |
|
Ryan Sleevi
2015/04/02 06:53:15
Could you add a test for a *bad* finished message?
davidben
2015/04/02 19:05:10
Added one for the Finished message hitting an erro
| |
| 2987 if (!SupportsAESGCM()) { | 3066 if (!SupportsAESGCM()) { |
| 2988 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | 3067 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; |
| 2989 return; | 3068 return; |
| 2990 } | 3069 } |
| 2991 | 3070 |
| 2992 // Start a server. | 3071 // Start a server. |
| 2993 SpawnedTestServer::SSLOptions server_options; | 3072 SpawnedTestServer::SSLOptions server_options; |
| 2994 server_options.key_exchanges = | 3073 server_options.key_exchanges = |
| 2995 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 3074 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| 2996 server_options.bulk_ciphers = | 3075 server_options.bulk_ciphers = |
| (...skipping 102 matching lines...) | |
| 3099 ssl_config.channel_id_enabled = true; | 3178 ssl_config.channel_id_enabled = true; |
| 3100 | 3179 |
| 3101 int rv; | 3180 int rv; |
| 3102 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 3181 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 3103 | 3182 |
| 3104 EXPECT_EQ(ERR_UNEXPECTED, rv); | 3183 EXPECT_EQ(ERR_UNEXPECTED, rv); |
| 3105 EXPECT_FALSE(sock_->IsConnected()); | 3184 EXPECT_FALSE(sock_->IsConnected()); |
| 3106 } | 3185 } |
| 3107 | 3186 |
| 3108 } // namespace net | 3187 } // namespace net |
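Review bot: CertificateErrorNoResume (new lines 2857–2884) can pass vacuously, because the only handshake type it asserts is HANDSHAKE_FULL. If the client or the test server stopped resuming sessions altogether, the test would stay green and would no longer show that the session from the failed verification was kept out of the cache. A third connection after the verified handshake, expecting HANDSHAKE_RESUME, would give the negative result a positive control inside the same test. Separately, SessionResumption ends with a full handshake after the static ClearSessionCache() call, so it appears to leave a session in a process-wide cache; whether the fixture clears that between tests is not visible on this page.

```cpp
  // … unchanged: failed handshake, then full handshake with verification OK …
  EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);

  // Positive control: the session from the verified handshake must resume,
  // otherwise the HANDSHAKE_FULL above proves nothing about the cache.
  transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source()));
  ASSERT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
  sock = CreateSSLClientSocket(transport.Pass(),
                               test_server()->host_port_pair(), ssl_config);
  ASSERT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
  ASSERT_TRUE(sock->GetSSLInfo(&ssl_info));
  EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
```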