author | markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-03-30 21:09:30 +0000 |
---|---|---|
committer | markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-03-30 21:09:30 +0000 |
commit | 3fd49f9bdbe56a9648cddc015bdb8bac02fe1a7b (patch) | |
tree | ee0a2b866a939e678bedf426e858871706c41bff /net/url_request/url_request_unittest.cc | |
parent | f463787972e54c126d23d263613634d5fd777789 (diff) | |
Change the bad-certificate handler for SSL (using NSS) to return an
error.
This requires a few additional changes in the rest of the code. In
particular, we now have to teach HttpNetworkTransaction about how to
restart connections with bad certificates. This was originally
intended to be done by ReconnectIgnoringLastError(), but that API
turns out to be very difficult to implement in the SSLClientSocket. So,
instead, we just create a completely new SSLClientSocket.
We also have to be careful to store a copy of the certificate from
within the bad-certificate handler, as it won't be available by the
time GetSSLInfo() is called.
And we fix a bug that would cause us to erroneously talk SSL on
reconnected TCP sockets, even though we were still supposed to
negotiate a proxy tunnel first.
Review URL: http://codereview.chromium.org/43115
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@12809 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/url_request/url_request_unittest.cc')
-rw-r--r-- | net/url_request/url_request_unittest.cc | 66 |
1 files changed, 63 insertions, 3 deletions
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index fb4a650..fbfaafe 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -201,9 +201,13 @@ class HTTPSRequestTest : public testing::Test {
 #if defined(OS_MACOSX)
 // ssl_client_socket_mac.cc crashes currently in GetSSLInfo
 // when called on a connection with an unrecognized certificate
-#define MAYBE_HTTPSGetTest DISABLED_HTTPSGetTest
+#define MAYBE_HTTPSGetTest DISABLED_HTTPSGetTest
+#define MAYBE_HTTPSMismatchedTest DISABLED_HTTPSMismatchedTest
+#define MAYBE_HTTPSExpiredTest DISABLED_HTTPSExpiredTest
 #else
-#define MAYBE_HTTPSGetTest HTTPSGetTest
+#define MAYBE_HTTPSGetTest HTTPSGetTest
+#define MAYBE_HTTPSMismatchedTest HTTPSMismatchedTest
+#define MAYBE_HTTPSExpiredTest HTTPSExpiredTest
 #endif
 
 TEST_F(HTTPSRequestTest, MAYBE_HTTPSGetTest) {
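Review bot: The two new `DISABLED_` defines in the `OS_MACOSX` branch switch off both certificate-error tests on that platform, so the path that rejects a mismatched or expired certificate has no coverage there, and nothing in the hunk records when they should come back. The existing comment explains only the GetSSLInfo crash. I would extend it with a tracked reminder such as `// TODO(<owner>): re-enable the certificate-error tests once <tracking bug> is fixed`, so that the disabled security tests are not forgotten.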
@@ -233,7 +237,63 @@ TEST_F(HTTPSRequestTest, MAYBE_HTTPSGetTest) {
 #endif
 }
 
-// TODO(dkegel): add test for expired and mismatched certificates here
+TEST_F(HTTPSRequestTest, MAYBE_HTTPSMismatchedTest) {
+ scoped_refptr<HTTPSTestServer> server =
+ HTTPSTestServer::CreateMismatchedServer(L"net/data/ssl");
+ ASSERT_TRUE(NULL != server.get());
+
+ bool err_allowed = true;
+ for (int i = 0; i < 2 ; i++, err_allowed = !err_allowed) {
+ TestDelegate d;
+ {
+ d.set_allow_certificate_errors(err_allowed);
+ TestURLRequest r(server->TestServerPage(""), &d);
+
+ r.Start();
+ EXPECT_TRUE(r.is_pending());
+
+ MessageLoop::current()->Run();
+
+ EXPECT_EQ(1, d.response_started_count());
+ EXPECT_FALSE(d.received_data_before_response());
+ EXPECT_TRUE(d.have_certificate_errors());
+ if (err_allowed)
+ EXPECT_NE(0, d.bytes_received());
+ else
+ EXPECT_EQ(0, d.bytes_received());
+ }
+ }
+}
+
+TEST_F(HTTPSRequestTest, MAYBE_HTTPSExpiredTest) {
+ scoped_refptr<HTTPSTestServer> server =
+ HTTPSTestServer::CreateExpiredServer(L"net/data/ssl");
+ ASSERT_TRUE(NULL != server.get());
+
+ // Iterate from false to true, just so that we do the opposite of the
+ // previous test in order to increase test coverage.
+ bool err_allowed = false;
+ for (int i = 0; i < 2 ; i++, err_allowed = !err_allowed) {
+ TestDelegate d;
+ {
+ d.set_allow_certificate_errors(err_allowed);
+ TestURLRequest r(server->TestServerPage(""), &d);
+
+ r.Start();
+ EXPECT_TRUE(r.is_pending());
+
+ MessageLoop::current()->Run();
+
+ EXPECT_EQ(1, d.response_started_count());
+ EXPECT_FALSE(d.received_data_before_response());
+ EXPECT_TRUE(d.have_certificate_errors());
+ if (err_allowed)
+ EXPECT_NE(0, d.bytes_received());
+ else
+ EXPECT_EQ(0, d.bytes_received());
+ }
+ }
+}
 
 TEST_F(URLRequestTest, CancelTest) {
 TestDelegate d; |
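Review bot: In the `else` branch of both new tests, rejection of the bad certificate is checked only through `EXPECT_EQ(0, d.bytes_received())`, which says nothing about how the request ended. Asserting the failed state next to it, for example `EXPECT_FALSE(r.status().is_success());`, would pin the behaviour this commit introduces. `EXPECT_TRUE(d.have_certificate_errors())` also does not say which error was reported, so HTTPSMismatchedTest and HTTPSExpiredTest would still pass if the test certificate were rejected for some other reason, such as an untrusted issuer. If TestDelegate can expose the reported error, compare it with the expected name-mismatch or expiry code. The two bodies differ only in the server factory and the starting value of `err_allowed`, so a shared helper taking those two as parameters would keep them in step.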