diff options
| author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-23 18:32:23 +0000 |
|---|---|---|
| committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-23 18:32:23 +0000 |
| commit | c75d1619bbdc4538a76c35352402a3d66b05519b (patch) | |
| tree | 3023798e7ec26b0406d2796ecb92fbe0ec790641 /net/test | |
| parent | d4e2e903aa3f6cf2aa2e2091cb51500341183660 (diff) | |
| download | chromium_src-c75d1619bbdc4538a76c35352402a3d66b05519b.zip chromium_src-c75d1619bbdc4538a76c35352402a3d66b05519b.tar.gz chromium_src-c75d1619bbdc4538a76c35352402a3d66b05519b.tar.bz2 | |
Improve the TLS intolerant server testing support added in r134129
(http://codereview.chromium.org/10218007).
Add the ability to simulate a server that is intolerant of only a
particular version of TLS. This will allow us to test the handling
of a TLS 1.1 intolerant server.
R=agl@chromium.org,phajdan.jr@chromium.org
BUG=126340
TEST=none
Review URL: https://chromiumcodereview.appspot.com/10412042
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@138537 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/test')
| -rw-r--r-- | net/test/base_test_server.cc | 10 | ||||
| -rw-r--r-- | net/test/base_test_server.h | 15 |
2 files changed, 18 insertions, 7 deletions
diff --git a/net/test/base_test_server.cc b/net/test/base_test_server.cc index 07bef89..323ff70 100644 --- a/net/test/base_test_server.cc +++ b/net/test/base_test_server.cc @@ -59,7 +59,7 @@ BaseTestServer::HTTPSOptions::HTTPSOptions() request_client_certificate(false), bulk_ciphers(HTTPSOptions::BULK_CIPHER_ANY), record_resume(false), - tls_intolerant(false) {} + tls_intolerant(TLS_INTOLERANT_NONE) {} BaseTestServer::HTTPSOptions::HTTPSOptions( BaseTestServer::HTTPSOptions::ServerCertificate cert) @@ -67,7 +67,7 @@ BaseTestServer::HTTPSOptions::HTTPSOptions( request_client_certificate(false), bulk_ciphers(HTTPSOptions::BULK_CIPHER_ANY), record_resume(false), - tls_intolerant(false) {} + tls_intolerant(TLS_INTOLERANT_NONE) {} BaseTestServer::HTTPSOptions::~HTTPSOptions() {} @@ -377,8 +377,10 @@ bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const { arguments->Set("ssl-bulk-cipher", bulk_cipher_values.release()); if (https_options_.record_resume) arguments->Set("https-record-resume", base::Value::CreateNullValue()); - if (https_options_.tls_intolerant) - arguments->Set("tls-intolerant", base::Value::CreateNullValue()); + if (https_options_.tls_intolerant != HTTPSOptions::TLS_INTOLERANT_NONE) { + arguments->Set("tls-intolerant", + base::Value::CreateIntegerValue(https_options_.tls_intolerant)); + } } return true; } diff --git a/net/test/base_test_server.h b/net/test/base_test_server.h index f7d5654..9456f37 100644 --- a/net/test/base_test_server.h +++ b/net/test/base_test_server.h @@ -85,6 +85,15 @@ class BaseTestServer { BULK_CIPHER_3DES = (1 << 3), }; + // NOTE: the values of these enumerators are passed to the the Python test + // server. Do not change them. + enum TLSIntolerantLevel { + TLS_INTOLERANT_NONE = 0, + TLS_INTOLERANT_ALL = 1, // Intolerant of all TLS versions. + TLS_INTOLERANT_TLS1_1 = 2, // Intolerant of TLS 1.1 or higher. + TLS_INTOLERANT_TLS1_2 = 3, // Intolerant of TLS 1.2 or higher. + }; + // Initialize a new HTTPSOptions using CERT_OK as the certificate. HTTPSOptions(); @@ -127,9 +136,9 @@ class BaseTestServer { // /ssl-session-cache. bool record_resume; - // If true, the server will abort any TLS handshake in order to test - // SSLv3 fallback. - bool tls_intolerant; + // If not TLS_INTOLERANT_NONE, the server will abort any handshake that + // negotiates an intolerant TLS version in order to test version fallback. + TLSIntolerantLevel tls_intolerant; }; // Pass as the 'host' parameter during construction to server on 127.0.0.1 |