authorwillchan@chromium.org <willchan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-05-23 10:31:51 +0000
committerwillchan@chromium.org <willchan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-05-23 10:31:51 +0000
commit514aeafb81f823103d35c83132b508e3e5814808 (patch)
tree07444179c4b84ae8a574e17bcc0007134626de76 /net/socket/socket_test_util.cc
parent2993b0bddff7fef278e78eed3d31bae4ff1e1d11 (diff)
Fail the SPDY transaction if it does not meet TLS base requirements.
* Generally follows guidelines in https://http2.github.io/http2-spec/#TLSUsage. * Apply only to SPDY4+ versions * Fail the stream job if the TLS version for SPDY is too old (<1.2) * Fail the stream job if the TLS cipher suite is sucky. Note that we're stricter here than the HTTP/2 spec. Also added while implementing this CL: * Add SSLConnectionStatus setters. * Add ability for SSLSocketDataProvider to set SSLConnectionStatus. * Add modern cipher suite check into net/ssl. BUG=374957 Review URL: https://codereview.chromium.org/291093002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@272467 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket/socket_test_util.cc')
-rw-r--r--net/socket/socket_test_util.cc9
1 files changed, 8 insertions, 1 deletions
diff --git a/net/socket/socket_test_util.cc b/net/socket/socket_test_util.cc
index be81e9a..f993801 100644
--- a/net/socket/socket_test_util.cc
+++ b/net/socket/socket_test_util.cc
@@ -24,6 +24,7 @@
#include "net/socket/client_socket_pool_histograms.h"
#include "net/socket/socket.h"
#include "net/ssl/ssl_cert_request_info.h"
+#include "net/ssl/ssl_connection_status_flags.h"
#include "net/ssl/ssl_info.h"
#include "testing/gtest/include/gtest/gtest.h"
@@ -275,7 +276,12 @@ SSLSocketDataProvider::SSLSocketDataProvider(IoMode mode, int result)
protocol_negotiated(kProtoUnknown),
client_cert_sent(false),
cert_request_info(NULL),
- channel_id_sent(false) {
+ channel_id_sent(false),
+ connection_status(0) {
+ SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2,
+ &connection_status);
+ // Set to TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+ SSLConnectionStatusSetCipherSuite(0xcc14, &connection_status);
}
SSLSocketDataProvider::~SSLSocketDataProvider() {
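Review bot: The default written in the constructor body makes every mock SSL socket satisfy the new SPDY4+ TLS checks unless a test overrides `connection_status`, so the rejection paths (TLS below 1.2, a non-modern cipher suite) are exercised only by tests that set the field explicitly. This page shows only this file, so whether such tests exist cannot be confirmed here. A comment above the two setter calls would make that explicit, e.g. `// Defaults satisfy the SPDY4+ TLS requirements; tests of the failure paths must override connection_status.` The bare `0xcc14` would be easier to audit as a named constant, and as far as I know it is the draft code point for this ChaCha20-Poly1305 suite rather than a finally assigned one, which the comment could note. The constructor's initializer list begins above the hunk, and the value reaches callers through the `ssl_info->connection_status` copy in `MockSSLClientSocket::GetSSLInfo` in the last hunk.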
@@ -1377,6 +1383,7 @@ bool MockSSLClientSocket::GetSSLInfo(SSLInfo* ssl_info) {
ssl_info->cert = data_->cert;
ssl_info->client_cert_sent = data_->client_cert_sent;
ssl_info->channel_id_sent = data_->channel_id_sent;
+ ssl_info->connection_status = data_->connection_status;
return true;
}