Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(68)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_unittest.cc

Issue 1360633002: Implement Token Binding negotiation TLS extension (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@test-server-flags
Patch Set: rebase Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/socket/ssl_client_socket_openssl.cc ('k') | net/ssl/ssl_config.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_client_socket.h" 5 #include "net/socket/ssl_client_socket.h"
6 6
7 #include "base/callback_helpers.h" 7 #include "base/callback_helpers.h"
8 #include "base/location.h" 8 #include "base/location.h"
9 #include "base/memory/ref_counted.h" 9 #include "base/memory/ref_counted.h"
10 #include "base/run_loop.h" 10 #include "base/run_loop.h"
(...skipping 2566 matching lines...) Expand 10 before | Expand all | Expand 10 after
2577 ssl_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; 2577 ssl_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA;
2578 ASSERT_TRUE(StartTestServer(ssl_options)); 2578 ASSERT_TRUE(StartTestServer(ssl_options));
2579 2579
2580 SSLConfig config; 2580 SSLConfig config;
2581 config.require_ecdhe = true; 2581 config.require_ecdhe = true;
2582 int rv; 2582 int rv;
2583 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv)); 2583 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
2584 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); 2584 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv);
2585 } 2585 }
2586 2586
2587 TEST_F(SSLClientSocketTest, TokenBindingEnabled) {
2588 SpawnedTestServer::SSLOptions ssl_options;
2589 ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256);
2590 ASSERT_TRUE(StartTestServer(ssl_options));
2591
2592 SSLConfig ssl_config;
2593 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256);
2594
2595 int rv;
2596 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2597 EXPECT_EQ(OK, rv);
2598 SSLInfo info;
2599 EXPECT_TRUE(sock_->GetSSLInfo(&info));
2600 EXPECT_TRUE(info.token_binding_negotiated);
2601 EXPECT_EQ(TB_PARAM_ECDSAP256, info.token_binding_key_param);
2602 }
2603
2604 TEST_F(SSLClientSocketTest, TokenBindingFailsWithEmsDisabled) {
2605 SpawnedTestServer::SSLOptions ssl_options;
2606 ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256);
2607 ssl_options.disable_extended_master_secret = true;
2608 ASSERT_TRUE(StartTestServer(ssl_options));
2609
2610 SSLConfig ssl_config;
2611 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256);
2612
2613 int rv;
2614 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2615 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv);
2616 }
2617
2618 TEST_F(SSLClientSocketTest, TokenBindingEnabledWithoutServerSupport) {
2619 SpawnedTestServer::SSLOptions ssl_options;
2620 ASSERT_TRUE(StartTestServer(ssl_options));
2621
2622 SSLConfig ssl_config;
2623 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256);
2624
2625 int rv;
2626 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2627 EXPECT_EQ(OK, rv);
2628 SSLInfo info;
2629 EXPECT_TRUE(sock_->GetSSLInfo(&info));
2630 EXPECT_FALSE(info.token_binding_negotiated);
2631 }
2632
2587 // In tests requiring NPN, client_config.alpn_protos and 2633 // In tests requiring NPN, client_config.alpn_protos and
2588 // client_config.npn_protos both need to be set when using NSS, otherwise NPN is 2634 // client_config.npn_protos both need to be set when using NSS, otherwise NPN is
2589 // disabled due to quirks of the implementation. 2635 // disabled due to quirks of the implementation.
2590 2636
2591 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { 2637 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) {
2592 // False Start requires NPN/ALPN, ECDHE, and an AEAD. 2638 // False Start requires NPN/ALPN, ECDHE, and an AEAD.
2593 SpawnedTestServer::SSLOptions server_options; 2639 SpawnedTestServer::SSLOptions server_options;
2594 server_options.key_exchanges = 2640 server_options.key_exchanges =
2595 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; 2641 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA;
2596 server_options.bulk_ciphers = 2642 server_options.bulk_ciphers =
(...skipping 418 matching lines...) Expand 10 before | Expand all | Expand 10 after
3015 int rv; 3061 int rv;
3016 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); 3062 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3017 EXPECT_EQ(OK, rv); 3063 EXPECT_EQ(OK, rv);
3018 3064
3019 std::string proto; 3065 std::string proto;
3020 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, 3066 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported,
3021 sock_->GetNextProto(&proto)); 3067 sock_->GetNextProto(&proto));
3022 } 3068 }
3023 3069
3024 } // namespace net 3070 } // namespace net
OLDNEW
« no previous file with comments | « net/socket/ssl_client_socket_openssl.cc ('k') | net/ssl/ssl_config.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698