diff options
| author | davidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-21 05:46:58 +0000 |
|---|---|---|
| committer | davidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-21 05:46:58 +0000 |
| commit | 65a3b914585cee20f1c8b213c82eaa2a5da0cb25 (patch) | |
| tree | 1464c826e4dd82fb68e769119964c6a6383d609a /net/socket | |
| parent | b3992377f4e52a205164d4da5dc7e465e749a57e (diff) | |
| download | chromium_src-65a3b914585cee20f1c8b213c82eaa2a5da0cb25.zip chromium_src-65a3b914585cee20f1c8b213c82eaa2a5da0cb25.tar.gz chromium_src-65a3b914585cee20f1c8b213c82eaa2a5da0cb25.tar.bz2 | |
Reintegrate certificate selection in HttpNetworkTransaction DoLoop
The HttpNetworkTransaction refactor intercepts the client auth
handling and moves it out of DoLoop. Because HandleCertificateRequest
often switches states, this caused a DCHECK and crash in some
circumstances.
This reintegrates it and adds unit tests to catch the DCHECK. We really
want to test sending a legitimate certificate, as well as more
checking interesting errors, but we cannot import temporary keys yet.
We also add a patch for tlslite to send a non-empty certificate_types.
Apple's SSL implementation raises a protocol error otherwise.
BUG=52744,51132,52778
TEST=SSLClientSocketTest.ConnectClientAuth*,URLRequestTest.ClientAuthTest
Review URL: http://codereview.chromium.org/3141026
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56983 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket')
| -rw-r--r-- | net/socket/ssl_client_socket_unittest.cc | 58 |
1 files changed, 56 insertions, 2 deletions
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc index 6673ec6..b4ce521 100644 --- a/net/socket/ssl_client_socket_unittest.cc +++ b/net/socket/ssl_client_socket_unittest.cc @@ -167,8 +167,9 @@ TEST_F(SSLClientSocketTest, ConnectMismatched) { log.entries(), -1, net::NetLog::TYPE_SSL_CONNECT)); } -// TODO(davidben): Also test providing a certificate. -TEST_F(SSLClientSocketTest, ConnectClientAuthNoCert) { +// Attempt to connect to a page which requests a client certificate. It should +// return an error code on connect. +TEST_F(SSLClientSocketTest, ConnectClientAuthCertRequested) { net::TestServer test_server(net::TestServer::TYPE_HTTPS_CLIENT_AUTH, FilePath()); ASSERT_TRUE(test_server.Start()); @@ -211,6 +212,59 @@ TEST_F(SSLClientSocketTest, ConnectClientAuthNoCert) { log.entries(), -1, net::NetLog::TYPE_SSL_CONNECT)); } +// Connect to a server requesting optional client authentication. Send it a +// null certificate. It should allow the connection. +// +// TODO(davidben): Also test providing an actual certificate. +TEST_F(SSLClientSocketTest, ConnectClientAuthSendNullCert) { + net::TestServer test_server(net::TestServer::TYPE_HTTPS_CLIENT_AUTH, + FilePath()); + ASSERT_TRUE(test_server.Start()); + + net::AddressList addr; + ASSERT_TRUE(test_server.GetAddressList(&addr)); + + TestCompletionCallback callback; + net::CapturingNetLog log(net::CapturingNetLog::kUnbounded); + net::ClientSocket* transport = new net::TCPClientSocket(addr, &log); + int rv = transport->Connect(&callback); + if (rv == net::ERR_IO_PENDING) + rv = callback.WaitForResult(); + EXPECT_EQ(net::OK, rv); + + net::SSLConfig ssl_config = kDefaultSSLConfig; + ssl_config.send_client_cert = true; + ssl_config.client_cert = NULL; + + scoped_ptr<net::SSLClientSocket> sock( + socket_factory_->CreateSSLClientSocket(transport, + test_server.host_port_pair().host(), ssl_config)); + + EXPECT_FALSE(sock->IsConnected()); + + // Our test server accepts certificate-less connections. + // TODO(davidben): Add a test which requires them and verify the error. + rv = sock->Connect(&callback); + EXPECT_TRUE(net::LogContainsBeginEvent( + log.entries(), 5, net::NetLog::TYPE_SSL_CONNECT)); + if (rv != net::OK) { + ASSERT_EQ(net::ERR_IO_PENDING, rv); + EXPECT_FALSE(sock->IsConnected()); + EXPECT_FALSE(net::LogContainsEndEvent( + log.entries(), -1, net::NetLog::TYPE_SSL_CONNECT)); + + rv = callback.WaitForResult(); + EXPECT_EQ(net::OK, rv); + } + + EXPECT_TRUE(sock->IsConnected()); + EXPECT_TRUE(net::LogContainsEndEvent( + log.entries(), -1, net::NetLog::TYPE_SSL_CONNECT)); + + sock->Disconnect(); + EXPECT_FALSE(sock->IsConnected()); +} + // TODO(wtc): Add unit tests for IsConnectedAndIdle: // - Server closes an SSL connection (with a close_notify alert message). // - Server closes the underlying TCP connection directly. |