Rewrite session cache in OpenSSL ports.

net/socket/ssl_client_socket_unittest.cc

Index: net/socket/ssl_client_socket_unittest.cc
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc
index 4b74ca0b93dd6caa20495c7efd8614df05c70f16..da50becc017752edc8a2eacf4ad55f6fde22fa64 100644
--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -2804,6 +2804,85 @@ TEST_F(SSLClientSocketTest, ReuseStates) {
   // attempt to read one byte extra.
 }
 
+// Tests that basic session resumption works.
+TEST_F(SSLClientSocketTest, SessionResumption) {
+  SpawnedTestServer::SSLOptions ssl_options;
+  ASSERT_TRUE(StartTestServer(ssl_options));
+
+  // First, perform a full handshake.
+  SSLConfig ssl_config;
+  TestCompletionCallback callback;
+  scoped_ptr<StreamSocket> transport(
+      new TCPClientSocket(addr(), &log_, NetLog::Source()));
+  EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
+  scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+      transport.Pass(), test_server()->host_port_pair(), ssl_config));
+  EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
+  SSLInfo ssl_info;
+  EXPECT_TRUE(sock->GetSSLInfo(&ssl_info));

[Ryan Sleevi, 2015/03/24 23:47:22]

Should this be an ASSERT on 2820? Otherwise isn't this sketch? GetSSLInfo
doesn't actually check that you connected.

[davidben, 2015/03/26 20:22:57]

Done.

+  EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
+
+  // The next connection should resume.
+  transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source()));
+  EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));

[Ryan Sleevi, 2015/03/24 23:47:22]

ASSERT

[davidben, 2015/03/26 20:22:57]

Done.

+  sock = CreateSSLClientSocket(transport.Pass(),
+                               test_server()->host_port_pair(), ssl_config);
+  EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));

[Ryan Sleevi, 2015/03/24 23:47:22]

ASSERT

[davidben, 2015/03/26 20:22:57]

Done.

+  EXPECT_TRUE(sock->GetSSLInfo(&ssl_info));
+  EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
+
+  // Using a different HostPortPair uses a different session cache key.

[Ryan Sleevi, 2015/03/24 23:47:22]

This doesn't seem right - you use the same underlying address. NSS uses this as
the session cache key.

[davidben, 2015/03/26 20:22:57]

If NSS only used that as the session cache key, all kinds of things would
explode. :-P It also uses the peer_id string which includes the HostPortPair.

+  transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source()));
+  EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));

[Ryan Sleevi, 2015/03/24 23:47:22]

ASSERT

[davidben, 2015/03/26 20:22:57]

Done.

+  sock = CreateSSLClientSocket(transport.Pass(),
+                               HostPortPair("example.com", 443), ssl_config);
+  EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));

[Ryan Sleevi, 2015/03/24 23:47:22]

ASSERT

[davidben, 2015/03/26 20:22:57]

Done.

+  EXPECT_TRUE(sock->GetSSLInfo(&ssl_info));
+  EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
+
+  SSLClientSocket::ClearSessionCache();
+
+  // After clearing the session cache, the next handshake doesn't resume.
+  transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source()));
+  EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
+  sock = CreateSSLClientSocket(transport.Pass(),
+                               test_server()->host_port_pair(), ssl_config);
+  EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
+  EXPECT_TRUE(sock->GetSSLInfo(&ssl_info));
+  EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
+}
+
+// Tests that connections with certificate errors do not add entries to the
+// session cache.
+TEST_F(SSLClientSocketTest, CertificateErrorNoResume) {
+  SpawnedTestServer::SSLOptions ssl_options;
+  ASSERT_TRUE(StartTestServer(ssl_options));
+
+  cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID);
+
+  SSLConfig ssl_config;
+  TestCompletionCallback callback;
+  scoped_ptr<StreamSocket> transport(
+      new TCPClientSocket(addr(), &log_, NetLog::Source()));
+  EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
+  scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+      transport.Pass(), test_server()->host_port_pair(), ssl_config));
+  EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID,
+            callback.GetResult(sock->Connect(callback.callback())));
+
+  cert_verifier_->set_default_result(OK);
+
+  // The next connection should perform a full handshake.
+  transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source()));
+  EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
+  sock = CreateSSLClientSocket(transport.Pass(),
+                               test_server()->host_port_pair(), ssl_config);
+  EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
+  SSLInfo ssl_info;
+  EXPECT_TRUE(sock->GetSSLInfo(&ssl_info));
+  EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
+}
+
 // Tests that session caches are sharded by max_version.
 TEST_F(SSLClientSocketTest, FallbackShardSessionCache) {
   SpawnedTestServer::SSLOptions ssl_options;