Index: net/socket/ssl_client_socket_unittest.cc |
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc |
index 06be299a729d085e3ddf015f21436828e9321b63..a9f1fdea9971039b383902b72ae08a24747dacd4 100644 |
--- a/net/socket/ssl_client_socket_unittest.cc |
+++ b/net/socket/ssl_client_socket_unittest.cc |
@@ -2584,6 +2584,52 @@ TEST_F(SSLClientSocketTest, RequireECDHE) { |
EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); |
} |
+TEST_F(SSLClientSocketTest, TokenBindingEnabled) { |
+ SpawnedTestServer::SSLOptions ssl_options; |
+ ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256); |
+ ASSERT_TRUE(StartTestServer(ssl_options)); |
+ |
+ SSLConfig ssl_config; |
+ ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256); |
+ |
+ int rv; |
+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
+ EXPECT_EQ(OK, rv); |
+ SSLInfo info; |
+ EXPECT_TRUE(sock_->GetSSLInfo(&info)); |
+ EXPECT_TRUE(info.token_binding_negotiated); |
+ EXPECT_EQ(TB_PARAM_ECDSAP256, info.token_binding_key_param); |
+} |
+ |
+TEST_F(SSLClientSocketTest, TokenBindingFailsWithEmsDisabled) { |
+ SpawnedTestServer::SSLOptions ssl_options; |
+ ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256); |
+ ssl_options.disable_extended_master_secret = true; |
+ ASSERT_TRUE(StartTestServer(ssl_options)); |
+ |
+ SSLConfig ssl_config; |
+ ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256); |
+ |
+ int rv; |
+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
+ EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); |
+} |
+ |
+TEST_F(SSLClientSocketTest, TokenBindingEnabledWithoutServerSupport) { |
+ SpawnedTestServer::SSLOptions ssl_options; |
+ ASSERT_TRUE(StartTestServer(ssl_options)); |
+ |
+ SSLConfig ssl_config; |
+ ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256); |
+ |
+ int rv; |
+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
+ EXPECT_EQ(OK, rv); |
+ SSLInfo info; |
+ EXPECT_TRUE(sock_->GetSSLInfo(&info)); |
+ EXPECT_FALSE(info.token_binding_negotiated); |
+} |
+ |
// In tests requiring NPN, client_config.alpn_protos and |
// client_config.npn_protos both need to be set when using NSS, otherwise NPN is |
// disabled due to quirks of the implementation. |