--- ./net/websockets/websocket_end_to_end_test.cc.orig +++ ./net/websockets/websocket_end_to_end_test.cc @@ -320,35 +320,35 @@ // Basic test of connectivity. If this test fails, nothing else can be expected // to work. -TEST_F(WebSocketEndToEndTest, BasicSmokeTest) { - SpawnedTestServer ws_server(SpawnedTestServer::TYPE_WS, - GetWebSocketTestDataDirectory()); - ASSERT_TRUE(ws_server.Start()); - EXPECT_TRUE(ConnectAndWait(ws_server.GetURL(kEchoServer))); -} +// TEST_F(WebSocketEndToEndTest, BasicSmokeTest) { +// SpawnedTestServer ws_server(SpawnedTestServer::TYPE_WS, +// GetWebSocketTestDataDirectory()); +// ASSERT_TRUE(ws_server.Start()); +// EXPECT_TRUE(ConnectAndWait(ws_server.GetURL(kEchoServer))); +// } // Test for issue crbug.com/433695 "Unencrypted WebSocket connection via // authenticated proxy times out" // TODO(ricea): Enable this when the issue is fixed. -TEST_F(WebSocketEndToEndTest, DISABLED_HttpsProxyUnauthedFails) { - SpawnedTestServer proxy_server(SpawnedTestServer::TYPE_BASIC_AUTH_PROXY, - base::FilePath()); - SpawnedTestServer ws_server(SpawnedTestServer::TYPE_WS, - GetWebSocketTestDataDirectory()); - ASSERT_TRUE(proxy_server.StartInBackground()); - ASSERT_TRUE(ws_server.StartInBackground()); - ASSERT_TRUE(proxy_server.BlockUntilStarted()); - ASSERT_TRUE(ws_server.BlockUntilStarted()); - std::string proxy_config = - "https=" + proxy_server.host_port_pair().ToString(); - std::unique_ptr proxy_resolution_service( - ConfiguredProxyResolutionService::CreateFixed( - proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS)); - ASSERT_TRUE(proxy_resolution_service); - context_.set_proxy_resolution_service(proxy_resolution_service.get()); - EXPECT_FALSE(ConnectAndWait(ws_server.GetURL(kEchoServer))); - EXPECT_EQ("Proxy authentication failed", event_interface_->failure_message()); -} +// TEST_F(WebSocketEndToEndTest, DISABLED_HttpsProxyUnauthedFails) { +// SpawnedTestServer proxy_server(SpawnedTestServer::TYPE_BASIC_AUTH_PROXY, +// base::FilePath()); +// SpawnedTestServer ws_server(SpawnedTestServer::TYPE_WS, +// GetWebSocketTestDataDirectory()); +// ASSERT_TRUE(proxy_server.StartInBackground()); +// ASSERT_TRUE(ws_server.StartInBackground()); +// ASSERT_TRUE(proxy_server.BlockUntilStarted()); +// ASSERT_TRUE(ws_server.BlockUntilStarted()); +// std::string proxy_config = +// "https=" + proxy_server.host_port_pair().ToString(); +// std::unique_ptr proxy_resolution_service( +// ConfiguredProxyResolutionService::CreateFixed( +// proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS)); +// ASSERT_TRUE(proxy_resolution_service); +// context_.set_proxy_resolution_service(proxy_resolution_service.get()); +// EXPECT_FALSE(ConnectAndWait(ws_server.GetURL(kEchoServer))); +// EXPECT_EQ("Proxy authentication failed", event_interface_->failure_message()); +// } // These test are not compatible with RemoteTestServer because RemoteTestServer // doesn't support TYPE_BASIC_AUTH_PROXY. @@ -361,61 +361,61 @@ #define MAYBE_HttpsProxyUsed HttpsProxyUsed #endif -TEST_F(WebSocketEndToEndTest, MAYBE_HttpsWssProxyUnauthedFails) { - SpawnedTestServer proxy_server(SpawnedTestServer::TYPE_BASIC_AUTH_PROXY, - base::FilePath()); - SpawnedTestServer wss_server(SpawnedTestServer::TYPE_WSS, - GetWebSocketTestDataDirectory()); - ASSERT_TRUE(proxy_server.StartInBackground()); - ASSERT_TRUE(wss_server.StartInBackground()); - ASSERT_TRUE(proxy_server.BlockUntilStarted()); - ASSERT_TRUE(wss_server.BlockUntilStarted()); - ProxyConfig proxy_config; - proxy_config.proxy_rules().ParseFromString( - "https=" + proxy_server.host_port_pair().ToString()); - // TODO(https://crbug.com/901896): Don't rely on proxying localhost. - proxy_config.proxy_rules().bypass_rules.AddRulesToSubtractImplicit(); +// TEST_F(WebSocketEndToEndTest, MAYBE_HttpsWssProxyUnauthedFails) { +// SpawnedTestServer proxy_server(SpawnedTestServer::TYPE_BASIC_AUTH_PROXY, +// base::FilePath()); +// SpawnedTestServer wss_server(SpawnedTestServer::TYPE_WSS, +// GetWebSocketTestDataDirectory()); +// ASSERT_TRUE(proxy_server.StartInBackground()); +// ASSERT_TRUE(wss_server.StartInBackground()); +// ASSERT_TRUE(proxy_server.BlockUntilStarted()); +// ASSERT_TRUE(wss_server.BlockUntilStarted()); +// ProxyConfig proxy_config; +// proxy_config.proxy_rules().ParseFromString( +// "https=" + proxy_server.host_port_pair().ToString()); +// // TODO(https://crbug.com/901896): Don't rely on proxying localhost. +// proxy_config.proxy_rules().bypass_rules.AddRulesToSubtractImplicit(); - std::unique_ptr proxy_resolution_service( - ConfiguredProxyResolutionService::CreateFixed(ProxyConfigWithAnnotation( - proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS))); - ASSERT_TRUE(proxy_resolution_service); - context_.set_proxy_resolution_service(proxy_resolution_service.get()); - EXPECT_FALSE(ConnectAndWait(wss_server.GetURL(kEchoServer))); - EXPECT_EQ("Proxy authentication failed", event_interface_->failure_message()); -} +// std::unique_ptr proxy_resolution_service( +// ConfiguredProxyResolutionService::CreateFixed(ProxyConfigWithAnnotation( +// proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS))); +// ASSERT_TRUE(proxy_resolution_service); +// context_.set_proxy_resolution_service(proxy_resolution_service.get()); +// EXPECT_FALSE(ConnectAndWait(wss_server.GetURL(kEchoServer))); +// EXPECT_EQ("Proxy authentication failed", event_interface_->failure_message()); +// } // Regression test for crbug/426736 "WebSocket connections not using configured // system HTTPS Proxy". -TEST_F(WebSocketEndToEndTest, MAYBE_HttpsProxyUsed) { - SpawnedTestServer proxy_server(SpawnedTestServer::TYPE_PROXY, - base::FilePath()); - SpawnedTestServer ws_server(SpawnedTestServer::TYPE_WS, - GetWebSocketTestDataDirectory()); - ASSERT_TRUE(proxy_server.StartInBackground()); - ASSERT_TRUE(ws_server.StartInBackground()); - ASSERT_TRUE(proxy_server.BlockUntilStarted()); - ASSERT_TRUE(ws_server.BlockUntilStarted()); - ProxyConfig proxy_config; - proxy_config.proxy_rules().ParseFromString( - "https=" + proxy_server.host_port_pair().ToString() + ";" + - "http=" + proxy_server.host_port_pair().ToString()); - // TODO(https://crbug.com/901896): Don't rely on proxying localhost. - proxy_config.proxy_rules().bypass_rules.AddRulesToSubtractImplicit(); +// TEST_F(WebSocketEndToEndTest, MAYBE_HttpsProxyUsed) { +// SpawnedTestServer proxy_server(SpawnedTestServer::TYPE_PROXY, +// base::FilePath()); +// SpawnedTestServer ws_server(SpawnedTestServer::TYPE_WS, +// GetWebSocketTestDataDirectory()); +// ASSERT_TRUE(proxy_server.StartInBackground()); +// ASSERT_TRUE(ws_server.StartInBackground()); +// ASSERT_TRUE(proxy_server.BlockUntilStarted()); +// ASSERT_TRUE(ws_server.BlockUntilStarted()); +// ProxyConfig proxy_config; +// proxy_config.proxy_rules().ParseFromString( +// "https=" + proxy_server.host_port_pair().ToString() + ";" + +// "http=" + proxy_server.host_port_pair().ToString()); +// // TODO(https://crbug.com/901896): Don't rely on proxying localhost. +// proxy_config.proxy_rules().bypass_rules.AddRulesToSubtractImplicit(); - std::unique_ptr proxy_resolution_service( - ConfiguredProxyResolutionService::CreateFixed(ProxyConfigWithAnnotation( - proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS))); - context_.set_proxy_resolution_service(proxy_resolution_service.get()); - InitialiseContext(); +// std::unique_ptr proxy_resolution_service( +// ConfiguredProxyResolutionService::CreateFixed(ProxyConfigWithAnnotation( +// proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS))); +// context_.set_proxy_resolution_service(proxy_resolution_service.get()); +// InitialiseContext(); - GURL ws_url = ws_server.GetURL(kEchoServer); - EXPECT_TRUE(ConnectAndWait(ws_url)); - const TestProxyDelegateWithProxyInfo::ResolvedProxyInfo& info = - proxy_delegate_->resolved_proxy_info(); - EXPECT_EQ(ws_url, info.url); - EXPECT_TRUE(info.proxy_info.is_http()); -} +// GURL ws_url = ws_server.GetURL(kEchoServer); +// EXPECT_TRUE(ConnectAndWait(ws_url)); +// const TestProxyDelegateWithProxyInfo::ResolvedProxyInfo& info = +// proxy_delegate_->resolved_proxy_info(); +// EXPECT_EQ(ws_url, info.url); +// EXPECT_TRUE(info.proxy_info.is_http()); +// } std::unique_ptr ProxyPacHandler(const HttpRequest& request) { GURL url = request.GetURL(); @@ -448,91 +448,91 @@ #define MAYBE_ProxyPacUsed DISABLED_ProxyPacUsed #endif -TEST_F(WebSocketEndToEndTest, MAYBE_ProxyPacUsed) { - EmbeddedTestServer proxy_pac_server(net::EmbeddedTestServer::Type::TYPE_HTTP); - SpawnedTestServer proxy_server(SpawnedTestServer::TYPE_PROXY, - base::FilePath()); - SpawnedTestServer ws_server(SpawnedTestServer::TYPE_WS, - GetWebSocketTestDataDirectory()); - proxy_pac_server.RegisterRequestHandler(base::BindRepeating(ProxyPacHandler)); - proxy_server.set_redirect_connect_to_localhost(true); +// TEST_F(WebSocketEndToEndTest, MAYBE_ProxyPacUsed) { +// EmbeddedTestServer proxy_pac_server(net::EmbeddedTestServer::Type::TYPE_HTTP); +// SpawnedTestServer proxy_server(SpawnedTestServer::TYPE_PROXY, +// base::FilePath()); +// SpawnedTestServer ws_server(SpawnedTestServer::TYPE_WS, +// GetWebSocketTestDataDirectory()); +// proxy_pac_server.RegisterRequestHandler(base::BindRepeating(ProxyPacHandler)); +// proxy_server.set_redirect_connect_to_localhost(true); - ASSERT_TRUE(proxy_pac_server.Start()); - ASSERT_TRUE(proxy_server.StartInBackground()); - ASSERT_TRUE(ws_server.StartInBackground()); - ASSERT_TRUE(proxy_server.BlockUntilStarted()); - ASSERT_TRUE(ws_server.BlockUntilStarted()); +// ASSERT_TRUE(proxy_pac_server.Start()); +// ASSERT_TRUE(proxy_server.StartInBackground()); +// ASSERT_TRUE(ws_server.StartInBackground()); +// ASSERT_TRUE(proxy_server.BlockUntilStarted()); +// ASSERT_TRUE(ws_server.BlockUntilStarted()); - ProxyConfig proxy_config = - ProxyConfig::CreateFromCustomPacURL(proxy_pac_server.GetURL(base::StrCat( - {"/proxy.pac?proxy=", proxy_server.host_port_pair().ToString()}))); - proxy_config.set_pac_mandatory(true); - auto proxy_config_service = std::make_unique( - ProxyConfigWithAnnotation(proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS)); - std::unique_ptr proxy_resolution_service( - ConfiguredProxyResolutionService::CreateUsingSystemProxyResolver( - std::move(proxy_config_service), NetLog::Get(), - /*quick_check_enabled=*/true)); - ASSERT_EQ(ws_server.host_port_pair().host(), "127.0.0.1"); - context_.set_proxy_resolution_service(proxy_resolution_service.get()); - InitialiseContext(); +// ProxyConfig proxy_config = +// ProxyConfig::CreateFromCustomPacURL(proxy_pac_server.GetURL(base::StrCat( +// {"/proxy.pac?proxy=", proxy_server.host_port_pair().ToString()}))); +// proxy_config.set_pac_mandatory(true); +// auto proxy_config_service = std::make_unique( +// ProxyConfigWithAnnotation(proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS)); +// std::unique_ptr proxy_resolution_service( +// ConfiguredProxyResolutionService::CreateUsingSystemProxyResolver( +// std::move(proxy_config_service), NetLog::Get(), +// /*quick_check_enabled=*/true)); +// ASSERT_EQ(ws_server.host_port_pair().host(), "127.0.0.1"); +// context_.set_proxy_resolution_service(proxy_resolution_service.get()); +// InitialiseContext(); - // Use a name other than localhost, since localhost implicitly bypasses the - // use of proxy.pac. - HostPortPair fake_ws_host_port_pair("stealth-localhost", - ws_server.host_port_pair().port()); +// // Use a name other than localhost, since localhost implicitly bypasses the +// // use of proxy.pac. +// HostPortPair fake_ws_host_port_pair("stealth-localhost", +// ws_server.host_port_pair().port()); - GURL ws_url(base::StrCat( - {"ws://", fake_ws_host_port_pair.ToString(), "/", kEchoServer})); - EXPECT_TRUE(ConnectAndWait(ws_url)); - const auto& info = proxy_delegate_->resolved_proxy_info(); - EXPECT_EQ(ws_url, info.url); - EXPECT_TRUE(info.proxy_info.is_http()); - EXPECT_EQ(info.proxy_info.ToPacString(), - base::StrCat({"PROXY ", proxy_server.host_port_pair().ToString()})); -} +// GURL ws_url(base::StrCat( +// {"ws://", fake_ws_host_port_pair.ToString(), "/", kEchoServer})); +// EXPECT_TRUE(ConnectAndWait(ws_url)); +// const auto& info = proxy_delegate_->resolved_proxy_info(); +// EXPECT_EQ(ws_url, info.url); +// EXPECT_TRUE(info.proxy_info.is_http()); +// EXPECT_EQ(info.proxy_info.ToPacString(), +// base::StrCat({"PROXY ", proxy_server.host_port_pair().ToString()})); +// } // This is a regression test for crbug.com/408061 Crash in // net::WebSocketBasicHandshakeStream::Upgrade. -TEST_F(WebSocketEndToEndTest, TruncatedResponse) { - SpawnedTestServer ws_server(SpawnedTestServer::TYPE_WS, - GetWebSocketTestDataDirectory()); - ASSERT_TRUE(ws_server.Start()); - InitialiseContext(); +// TEST_F(WebSocketEndToEndTest, TruncatedResponse) { +// SpawnedTestServer ws_server(SpawnedTestServer::TYPE_WS, +// GetWebSocketTestDataDirectory()); +// ASSERT_TRUE(ws_server.Start()); +// InitialiseContext(); - GURL ws_url = ws_server.GetURL("truncated-headers"); - EXPECT_FALSE(ConnectAndWait(ws_url)); -} +// GURL ws_url = ws_server.GetURL("truncated-headers"); +// EXPECT_FALSE(ConnectAndWait(ws_url)); +// } // Regression test for crbug.com/180504 "WebSocket handshake fails when HTTP // headers have trailing LWS". -TEST_F(WebSocketEndToEndTest, TrailingWhitespace) { - SpawnedTestServer ws_server(SpawnedTestServer::TYPE_WS, - GetWebSocketTestDataDirectory()); - ASSERT_TRUE(ws_server.Start()); +// TEST_F(WebSocketEndToEndTest, TrailingWhitespace) { +// SpawnedTestServer ws_server(SpawnedTestServer::TYPE_WS, +// GetWebSocketTestDataDirectory()); +// ASSERT_TRUE(ws_server.Start()); - GURL ws_url = ws_server.GetURL("trailing-whitespace"); - sub_protocols_.push_back("sip"); - EXPECT_TRUE(ConnectAndWait(ws_url)); - EXPECT_EQ("sip", event_interface_->selected_subprotocol()); -} +// GURL ws_url = ws_server.GetURL("trailing-whitespace"); +// sub_protocols_.push_back("sip"); +// EXPECT_TRUE(ConnectAndWait(ws_url)); +// EXPECT_EQ("sip", event_interface_->selected_subprotocol()); +// } // This is a regression test for crbug.com/169448 "WebSockets should support // header continuations" // TODO(ricea): HTTP continuation headers have been deprecated by RFC7230. If // support for continuation headers is removed from Chrome, then this test will // break and should be removed. -TEST_F(WebSocketEndToEndTest, HeaderContinuations) { - SpawnedTestServer ws_server(SpawnedTestServer::TYPE_WS, - GetWebSocketTestDataDirectory()); - ASSERT_TRUE(ws_server.Start()); +// TEST_F(WebSocketEndToEndTest, HeaderContinuations) { +// SpawnedTestServer ws_server(SpawnedTestServer::TYPE_WS, +// GetWebSocketTestDataDirectory()); +// ASSERT_TRUE(ws_server.Start()); - GURL ws_url = ws_server.GetURL("header-continuation"); +// GURL ws_url = ws_server.GetURL("header-continuation"); - EXPECT_TRUE(ConnectAndWait(ws_url)); - EXPECT_EQ("permessage-deflate; server_max_window_bits=10", - event_interface_->extensions()); -} +// EXPECT_TRUE(ConnectAndWait(ws_url)); +// EXPECT_EQ("permessage-deflate; server_max_window_bits=10", +// event_interface_->extensions()); +// } // These are not true end-to-end tests as the SpawnedTestServer doesn't // support TLS 1.2. --- ./net/socket/ssl_client_socket_unittest.cc.orig +++ ./net/socket/ssl_client_socket_unittest.cc @@ -2270,26 +2270,26 @@ // Tests that fatal alerts from the peer are processed. This is a regression // test for https://crbug.com/466303. -TEST_P(SSLClientSocketReadTest, Read_WithFatalAlert) { - SpawnedTestServer::SSLOptions ssl_options; - auto tls_max_version = ProtocolVersionToSpawnedTestServer(version()); - if (!tls_max_version) { - return; - } - ssl_options.tls_max_version = *tls_max_version; - ssl_options.alert_after_handshake = true; - ASSERT_TRUE(StartTestServer(ssl_options)); +// TEST_P(SSLClientSocketReadTest, Read_WithFatalAlert) { +// SpawnedTestServer::SSLOptions ssl_options; +// auto tls_max_version = ProtocolVersionToSpawnedTestServer(version()); +// if (!tls_max_version) { +// return; +// } +// ssl_options.tls_max_version = *tls_max_version; +// ssl_options.alert_after_handshake = true; +// ASSERT_TRUE(StartTestServer(ssl_options)); - int rv; - ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); - EXPECT_THAT(rv, IsOk()); +// int rv; +// ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); +// EXPECT_THAT(rv, IsOk()); - // Receive the fatal alert. - TestCompletionCallback callback; - scoped_refptr buf = base::MakeRefCounted(4096); - EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, - ReadAndWaitForCompletion(sock_.get(), buf.get(), 4096)); -} +// // Receive the fatal alert. +// TestCompletionCallback callback; +// scoped_refptr buf = base::MakeRefCounted(4096); +// EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, +// ReadAndWaitForCompletion(sock_.get(), buf.get(), 4096)); +// } TEST_P(SSLClientSocketReadTest, Read_SmallChunks) { ASSERT_TRUE( @@ -2792,59 +2792,59 @@ EXPECT_EQ(config.cert_authorities, request_info->cert_authorities); } -TEST_P(SSLClientSocketCertRequestInfoTest, CertKeyTypes) { - SpawnedTestServer::SSLOptions ssl_options; - auto tls_max_version = ProtocolVersionToSpawnedTestServer(version()); - if (!tls_max_version) { - return; - } - ssl_options.tls_max_version = *tls_max_version; - ssl_options.request_client_certificate = true; - ssl_options.client_cert_types.push_back(CLIENT_CERT_RSA_SIGN); - ssl_options.client_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN); - ASSERT_TRUE(StartTestServer(ssl_options)); - scoped_refptr request_info = GetCertRequest(); - ASSERT_TRUE(request_info.get()); - ASSERT_EQ(2u, request_info->cert_key_types.size()); - EXPECT_EQ(CLIENT_CERT_RSA_SIGN, request_info->cert_key_types[0]); - EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, request_info->cert_key_types[1]); -} +// TEST_P(SSLClientSocketCertRequestInfoTest, CertKeyTypes) { +// SpawnedTestServer::SSLOptions ssl_options; +// auto tls_max_version = ProtocolVersionToSpawnedTestServer(version()); +// if (!tls_max_version) { +// return; +// } +// ssl_options.tls_max_version = *tls_max_version; +// ssl_options.request_client_certificate = true; +// ssl_options.client_cert_types.push_back(CLIENT_CERT_RSA_SIGN); +// ssl_options.client_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN); +// ASSERT_TRUE(StartTestServer(ssl_options)); +// scoped_refptr request_info = GetCertRequest(); +// ASSERT_TRUE(request_info.get()); +// ASSERT_EQ(2u, request_info->cert_key_types.size()); +// EXPECT_EQ(CLIENT_CERT_RSA_SIGN, request_info->cert_key_types[0]); +// EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, request_info->cert_key_types[1]); +// } // Tests that the Certificate Transparency (RFC 6962) TLS extension is // supported. -TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsTLSExtension) { - // Encoding of SCT List containing 'test'. - base::StringPiece sct_ext("\x00\x06\x00\x04test", 8); +// TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsTLSExtension) { +// // Encoding of SCT List containing 'test'. +// base::StringPiece sct_ext("\x00\x06\x00\x04test", 8); - SpawnedTestServer::SSLOptions ssl_options; - ssl_options.signed_cert_timestamps_tls_ext = std::string(sct_ext); - ASSERT_TRUE(StartTestServer(ssl_options)); +// SpawnedTestServer::SSLOptions ssl_options; +// ssl_options.signed_cert_timestamps_tls_ext = std::string(sct_ext); +// ASSERT_TRUE(StartTestServer(ssl_options)); - auto ct_verifier = std::make_unique(); +// auto ct_verifier = std::make_unique(); - // Check that the SCT list is extracted from the TLS extension as expected, - // while also simulating that it was an unparsable response. - SignedCertificateTimestampAndStatusList sct_list; - EXPECT_CALL(*ct_verifier, Verify(_, _, _, sct_ext, _, _)) - .WillOnce(testing::SetArgPointee<4>(sct_list)); +// // Check that the SCT list is extracted from the TLS extension as expected, +// // while also simulating that it was an unparsable response. +// SignedCertificateTimestampAndStatusList sct_list; +// EXPECT_CALL(*ct_verifier, Verify(_, _, _, sct_ext, _, _)) +// .WillOnce(testing::SetArgPointee<4>(sct_list)); - auto cert_and_ct_verifier = std::make_unique( - std::move(cert_verifier_), std::move(ct_verifier)); +// auto cert_and_ct_verifier = std::make_unique( +// std::move(cert_verifier_), std::move(ct_verifier)); - context_ = std::make_unique( - ssl_config_service_.get(), cert_and_ct_verifier.get(), - transport_security_state_.get(), ct_policy_enforcer_.get(), - ssl_client_session_cache_.get(), nullptr); +// context_ = std::make_unique( +// ssl_config_service_.get(), cert_and_ct_verifier.get(), +// transport_security_state_.get(), ct_policy_enforcer_.get(), +// ssl_client_session_cache_.get(), nullptr); - int rv; - ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); - EXPECT_THAT(rv, IsOk()); +// int rv; +// ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); +// EXPECT_THAT(rv, IsOk()); - EXPECT_TRUE(sock_->signed_cert_timestamps_received_); +// EXPECT_TRUE(sock_->signed_cert_timestamps_received_); - sock_ = nullptr; - context_ = nullptr; -} +// sock_ = nullptr; +// context_ = nullptr; +// } // Test that when a CT verifier and a CTPolicyEnforcer are defined, and // the EV certificate used conforms to the CT/EV policy, its EV status @@ -3419,17 +3419,17 @@ } // Test that DHE is removed. -TEST_F(SSLClientSocketTest, NoDHE) { - SpawnedTestServer::SSLOptions ssl_options; - ssl_options.key_exchanges = - SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; - ASSERT_TRUE(StartTestServer(ssl_options)); +// TEST_F(SSLClientSocketTest, NoDHE) { +// SpawnedTestServer::SSLOptions ssl_options; +// ssl_options.key_exchanges = +// SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; +// ASSERT_TRUE(StartTestServer(ssl_options)); - SSLConfig ssl_config; - int rv; - ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); - EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH)); -} +// SSLConfig ssl_config; +// int rv; +// ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); +// EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH)); +// } TEST_F(SSLClientSocketTest, RequireECDHE) { // Run test server without ECDHE. @@ -5562,51 +5562,51 @@ bool known_root() const { return std::get<2>(GetParam()); } }; -INSTANTIATE_TEST_SUITE_P( - All, - TLS13DowngradeTest, - Combine(Values(SpawnedTestServer::SSLOptions::TLS_MAX_VERSION_TLS1_0, - SpawnedTestServer::SSLOptions::TLS_MAX_VERSION_TLS1_1, - SpawnedTestServer::SSLOptions::TLS_MAX_VERSION_TLS1_2), - Bool(), - Bool())); +// INSTANTIATE_TEST_SUITE_P( +// All, +// TLS13DowngradeTest, +// Combine(Values(SpawnedTestServer::SSLOptions::TLS_MAX_VERSION_TLS1_0, +// SpawnedTestServer::SSLOptions::TLS_MAX_VERSION_TLS1_1, +// SpawnedTestServer::SSLOptions::TLS_MAX_VERSION_TLS1_2), +// Bool(), +// Bool())); -TEST_P(TLS13DowngradeTest, DowngradeEnforced) { - SpawnedTestServer::SSLOptions ssl_options; - ssl_options.simulate_tls13_downgrade = simulate_tls13_downgrade(); - ssl_options.tls_max_version = tls_max_version(); - ASSERT_TRUE(StartTestServer(ssl_options)); - scoped_refptr server_cert = - spawned_test_server()->GetCertificate(); +// TEST_P(TLS13DowngradeTest, DowngradeEnforced) { +// SpawnedTestServer::SSLOptions ssl_options; +// ssl_options.simulate_tls13_downgrade = simulate_tls13_downgrade(); +// ssl_options.tls_max_version = tls_max_version(); +// ASSERT_TRUE(StartTestServer(ssl_options)); +// scoped_refptr server_cert = +// spawned_test_server()->GetCertificate(); - SSLContextConfig config; - config.version_max = SSL_PROTOCOL_VERSION_TLS1_3; - // If the test is using legacy TLS versions, explicitly disable warnings - // (e.g., to cover cases like post-interstitial or when legacy TLS is - // explicitly allowed via configuration). - if (tls_max_version() < - SpawnedTestServer::SSLOptions::TLS_MAX_VERSION_TLS1_2) { - config.version_min_warn = SSL_PROTOCOL_VERSION_TLS1; - } - ssl_config_service_->UpdateSSLConfigAndNotify(config); +// SSLContextConfig config; +// config.version_max = SSL_PROTOCOL_VERSION_TLS1_3; +// // If the test is using legacy TLS versions, explicitly disable warnings +// // (e.g., to cover cases like post-interstitial or when legacy TLS is +// // explicitly allowed via configuration). +// if (tls_max_version() < +// SpawnedTestServer::SSLOptions::TLS_MAX_VERSION_TLS1_2) { +// config.version_min_warn = SSL_PROTOCOL_VERSION_TLS1; +// } +// ssl_config_service_->UpdateSSLConfigAndNotify(config); - CertVerifyResult verify_result; - verify_result.is_issued_by_known_root = known_root(); - verify_result.verified_cert = server_cert; - cert_verifier_->ClearRules(); - cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK); +// CertVerifyResult verify_result; +// verify_result.is_issued_by_known_root = known_root(); +// verify_result.verified_cert = server_cert; +// cert_verifier_->ClearRules(); +// cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK); - ssl_client_session_cache_->Flush(); - int rv; - ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); - if (simulate_tls13_downgrade()) { - EXPECT_THAT(rv, IsError(ERR_TLS13_DOWNGRADE_DETECTED)); - EXPECT_FALSE(sock_->IsConnected()); - } else { - EXPECT_THAT(rv, IsOk()); - EXPECT_TRUE(sock_->IsConnected()); - } -} +// ssl_client_session_cache_->Flush(); +// int rv; +// ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); +// if (simulate_tls13_downgrade()) { +// EXPECT_THAT(rv, IsError(ERR_TLS13_DOWNGRADE_DETECTED)); +// EXPECT_FALSE(sock_->IsConnected()); +// } else { +// EXPECT_THAT(rv, IsOk()); +// EXPECT_TRUE(sock_->IsConnected()); +// } +// } struct SSLHandshakeDetailsParams { bool alpn; --- ./net/url_request/url_request_unittest.cc.orig +++ ./net/url_request/url_request_unittest.cc @@ -10036,147 +10036,147 @@ } } -TEST_F(HTTPSRequestTest, ResumeTest) { - // Test that we attempt a session resume when making two connections to the - // same host. - SpawnedTestServer::SSLOptions ssl_options; - ssl_options.record_resume = true; - SpawnedTestServer test_server( - SpawnedTestServer::TYPE_HTTPS, ssl_options, - base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); - ASSERT_TRUE(test_server.Start()); +// TEST_F(HTTPSRequestTest, ResumeTest) { +// // Test that we attempt a session resume when making two connections to the +// // same host. +// SpawnedTestServer::SSLOptions ssl_options; +// ssl_options.record_resume = true; +// SpawnedTestServer test_server( +// SpawnedTestServer::TYPE_HTTPS, ssl_options, +// base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); +// ASSERT_TRUE(test_server.Start()); - default_context_.http_transaction_factory() - ->GetSession() - ->ClearSSLSessionCache(); +// default_context_.http_transaction_factory() +// ->GetSession() +// ->ClearSSLSessionCache(); - { - TestDelegate d; - std::unique_ptr r(default_context_.CreateRequest( - test_server.GetURL("ssl-session-cache"), DEFAULT_PRIORITY, &d, - TRAFFIC_ANNOTATION_FOR_TESTS)); +// { +// TestDelegate d; +// std::unique_ptr r(default_context_.CreateRequest( +// test_server.GetURL("ssl-session-cache"), DEFAULT_PRIORITY, &d, +// TRAFFIC_ANNOTATION_FOR_TESTS)); - r->Start(); - EXPECT_TRUE(r->is_pending()); +// r->Start(); +// EXPECT_TRUE(r->is_pending()); - d.RunUntilComplete(); +// d.RunUntilComplete(); - EXPECT_EQ(1, d.response_started_count()); - } +// EXPECT_EQ(1, d.response_started_count()); +// } - reinterpret_cast(default_context_.http_transaction_factory()) - ->CloseAllConnections(ERR_FAILED, "Very good reason"); +// reinterpret_cast(default_context_.http_transaction_factory()) +// ->CloseAllConnections(ERR_FAILED, "Very good reason"); - { - TestDelegate d; - std::unique_ptr r(default_context_.CreateRequest( - test_server.GetURL("ssl-session-cache"), DEFAULT_PRIORITY, &d, - TRAFFIC_ANNOTATION_FOR_TESTS)); +// { +// TestDelegate d; +// std::unique_ptr r(default_context_.CreateRequest( +// test_server.GetURL("ssl-session-cache"), DEFAULT_PRIORITY, &d, +// TRAFFIC_ANNOTATION_FOR_TESTS)); - r->Start(); - EXPECT_TRUE(r->is_pending()); +// r->Start(); +// EXPECT_TRUE(r->is_pending()); - d.RunUntilComplete(); +// d.RunUntilComplete(); - // The response will look like; - // lookup uvw (TLS 1.3's compatibility session ID) - // insert abc - // lookup abc - // insert xyz - // - // With a newline at the end which makes the split think that there are - // four lines. +// // The response will look like; +// // lookup uvw (TLS 1.3's compatibility session ID) +// // insert abc +// // lookup abc +// // insert xyz +// // +// // With a newline at the end which makes the split think that there are +// // four lines. - EXPECT_EQ(1, d.response_started_count()); - std::vector lines = base::SplitString( - d.data_received(), "\n", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); - ASSERT_EQ(5u, lines.size()) << d.data_received(); +// EXPECT_EQ(1, d.response_started_count()); +// std::vector lines = base::SplitString( +// d.data_received(), "\n", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); +// ASSERT_EQ(5u, lines.size()) << d.data_received(); - std::string session_id; +// std::string session_id; - for (size_t i = 0; i < 3; i++) { - std::vector parts = base::SplitString( - lines[i], "\t", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); - ASSERT_EQ(2u, parts.size()); - if (i % 2 == 1) { - EXPECT_EQ("insert", parts[0]); - session_id = parts[1]; - } else { - EXPECT_EQ("lookup", parts[0]); - if (i != 0) - EXPECT_EQ(session_id, parts[1]); - } - } - } -} +// for (size_t i = 0; i < 3; i++) { +// std::vector parts = base::SplitString( +// lines[i], "\t", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); +// ASSERT_EQ(2u, parts.size()); +// if (i % 2 == 1) { +// EXPECT_EQ("insert", parts[0]); +// session_id = parts[1]; +// } else { +// EXPECT_EQ("lookup", parts[0]); +// if (i != 0) +// EXPECT_EQ(session_id, parts[1]); +// } +// } +// } +// } -TEST_F(HTTPSRequestTest, SSLSessionCacheShardTest) { - // Test that sessions aren't resumed when the value of ssl_session_cache_shard - // differs. - SpawnedTestServer::SSLOptions ssl_options; - ssl_options.record_resume = true; - SpawnedTestServer test_server( - SpawnedTestServer::TYPE_HTTPS, ssl_options, - base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); - ASSERT_TRUE(test_server.Start()); +// TEST_F(HTTPSRequestTest, SSLSessionCacheShardTest) { +// // Test that sessions aren't resumed when the value of ssl_session_cache_shard +// // differs. +// SpawnedTestServer::SSLOptions ssl_options; +// ssl_options.record_resume = true; +// SpawnedTestServer test_server( +// SpawnedTestServer::TYPE_HTTPS, ssl_options, +// base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); +// ASSERT_TRUE(test_server.Start()); - default_context_.http_transaction_factory() - ->GetSession() - ->ClearSSLSessionCache(); +// default_context_.http_transaction_factory() +// ->GetSession() +// ->ClearSSLSessionCache(); - { - TestDelegate d; - std::unique_ptr r(default_context_.CreateRequest( - test_server.GetURL("/"), DEFAULT_PRIORITY, &d, - TRAFFIC_ANNOTATION_FOR_TESTS)); +// { +// TestDelegate d; +// std::unique_ptr r(default_context_.CreateRequest( +// test_server.GetURL("/"), DEFAULT_PRIORITY, &d, +// TRAFFIC_ANNOTATION_FOR_TESTS)); - r->Start(); - EXPECT_TRUE(r->is_pending()); +// r->Start(); +// EXPECT_TRUE(r->is_pending()); - d.RunUntilComplete(); +// d.RunUntilComplete(); - EXPECT_EQ(1, d.response_started_count()); - } +// EXPECT_EQ(1, d.response_started_count()); +// } - // Now create a new HttpCache with a different ssl_session_cache_shard value. - HttpNetworkSession::Context session_context; - session_context.host_resolver = default_context_.host_resolver(); - session_context.cert_verifier = default_context_.cert_verifier(); - session_context.transport_security_state = - default_context_.transport_security_state(); - session_context.ct_policy_enforcer = default_context_.ct_policy_enforcer(); - session_context.proxy_resolution_service = - default_context_.proxy_resolution_service(); - session_context.ssl_config_service = default_context_.ssl_config_service(); - session_context.http_auth_handler_factory = - default_context_.http_auth_handler_factory(); - session_context.http_server_properties = - default_context_.http_server_properties(); - session_context.quic_context = default_context_.quic_context(); +// // Now create a new HttpCache with a different ssl_session_cache_shard value. +// HttpNetworkSession::Context session_context; +// session_context.host_resolver = default_context_.host_resolver(); +// session_context.cert_verifier = default_context_.cert_verifier(); +// session_context.transport_security_state = +// default_context_.transport_security_state(); +// session_context.ct_policy_enforcer = default_context_.ct_policy_enforcer(); +// session_context.proxy_resolution_service = +// default_context_.proxy_resolution_service(); +// session_context.ssl_config_service = default_context_.ssl_config_service(); +// session_context.http_auth_handler_factory = +// default_context_.http_auth_handler_factory(); +// session_context.http_server_properties = +// default_context_.http_server_properties(); +// session_context.quic_context = default_context_.quic_context(); - HttpNetworkSession network_session(HttpNetworkSession::Params(), - session_context); - std::unique_ptr cache( - new HttpCache(&network_session, HttpCache::DefaultBackend::InMemory(0), - false /* is_main_cache */)); +// HttpNetworkSession network_session(HttpNetworkSession::Params(), +// session_context); +// std::unique_ptr cache( +// new HttpCache(&network_session, HttpCache::DefaultBackend::InMemory(0), +// false /* is_main_cache */)); - default_context_.set_http_transaction_factory(cache.get()); +// default_context_.set_http_transaction_factory(cache.get()); - { - TestDelegate d; - std::unique_ptr r(default_context_.CreateRequest( - test_server.GetURL("ssl-session-cache"), DEFAULT_PRIORITY, &d, - TRAFFIC_ANNOTATION_FOR_TESTS)); +// { +// TestDelegate d; +// std::unique_ptr r(default_context_.CreateRequest( +// test_server.GetURL("ssl-session-cache"), DEFAULT_PRIORITY, &d, +// TRAFFIC_ANNOTATION_FOR_TESTS)); - r->Start(); - EXPECT_TRUE(r->is_pending()); +// r->Start(); +// EXPECT_TRUE(r->is_pending()); - d.RunUntilComplete(); +// d.RunUntilComplete(); - EXPECT_EQ(1, d.response_started_count()); - EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r->ssl_info().handshake_type); - } -} +// EXPECT_EQ(1, d.response_started_count()); +// EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r->ssl_info().handshake_type); +// } +// } // Test that sessions started with privacy mode enabled cannot be resumed when // it is disabled, and vice versa. @@ -10278,37 +10278,37 @@ }; // Tests the TLS 1.0 fallback doesn't happen. -TEST_F(HTTPSFallbackTest, TLSv1NoFallback) { - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_OK); - ssl_options.tls_intolerant = - SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1; +// TEST_F(HTTPSFallbackTest, TLSv1NoFallback) { +// SpawnedTestServer::SSLOptions ssl_options( +// SpawnedTestServer::SSLOptions::CERT_OK); +// ssl_options.tls_intolerant = +// SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1; - ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); - ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); -} +// ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); +// ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); +// } // Tests the TLS 1.1 fallback doesn't happen. -TEST_F(HTTPSFallbackTest, TLSv1_1NoFallback) { - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_OK); - ssl_options.tls_intolerant = - SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_2; +// TEST_F(HTTPSFallbackTest, TLSv1_1NoFallback) { +// SpawnedTestServer::SSLOptions ssl_options( +// SpawnedTestServer::SSLOptions::CERT_OK); +// ssl_options.tls_intolerant = +// SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_2; - ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); - ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); -} +// ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); +// ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); +// } // Tests the TLS 1.2 fallback doesn't happen. -TEST_F(HTTPSFallbackTest, TLSv1_2NoFallback) { - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_OK); - ssl_options.tls_intolerant = - SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_3; +// TEST_F(HTTPSFallbackTest, TLSv1_2NoFallback) { +// SpawnedTestServer::SSLOptions ssl_options( +// SpawnedTestServer::SSLOptions::CERT_OK); +// ssl_options.tls_intolerant = +// SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_3; - ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); - ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); -} +// ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); +// ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); +// } class HTTPSSessionTest : public TestWithTaskEnvironment { public: @@ -10329,55 +10329,55 @@ // Tests that session resumption is not attempted if an invalid certificate // is presented. -TEST_F(HTTPSSessionTest, DontResumeSessionsForInvalidCertificates) { - SpawnedTestServer::SSLOptions ssl_options; - ssl_options.record_resume = true; - SpawnedTestServer test_server( - SpawnedTestServer::TYPE_HTTPS, ssl_options, - base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); - ASSERT_TRUE(test_server.Start()); +// TEST_F(HTTPSSessionTest, DontResumeSessionsForInvalidCertificates) { +// SpawnedTestServer::SSLOptions ssl_options; +// ssl_options.record_resume = true; +// SpawnedTestServer test_server( +// SpawnedTestServer::TYPE_HTTPS, ssl_options, +// base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); +// ASSERT_TRUE(test_server.Start()); - default_context_.http_transaction_factory() - ->GetSession() - ->ClearSSLSessionCache(); +// default_context_.http_transaction_factory() +// ->GetSession() +// ->ClearSSLSessionCache(); - // Simulate the certificate being expired and attempt a connection. - cert_verifier_.set_default_result(ERR_CERT_DATE_INVALID); - { - TestDelegate d; - std::unique_ptr r(default_context_.CreateRequest( - test_server.GetURL("/"), DEFAULT_PRIORITY, &d, - TRAFFIC_ANNOTATION_FOR_TESTS)); +// // Simulate the certificate being expired and attempt a connection. +// cert_verifier_.set_default_result(ERR_CERT_DATE_INVALID); +// { +// TestDelegate d; +// std::unique_ptr r(default_context_.CreateRequest( +// test_server.GetURL("/"), DEFAULT_PRIORITY, &d, +// TRAFFIC_ANNOTATION_FOR_TESTS)); - r->Start(); - EXPECT_TRUE(r->is_pending()); +// r->Start(); +// EXPECT_TRUE(r->is_pending()); - d.RunUntilComplete(); +// d.RunUntilComplete(); - EXPECT_EQ(1, d.response_started_count()); - } +// EXPECT_EQ(1, d.response_started_count()); +// } - reinterpret_cast(default_context_.http_transaction_factory()) - ->CloseAllConnections(ERR_FAILED, "Very good reason"); +// reinterpret_cast(default_context_.http_transaction_factory()) +// ->CloseAllConnections(ERR_FAILED, "Very good reason"); - // Now change the certificate to be acceptable (so that the response is - // loaded), and ensure that no session id is presented to the peer. - cert_verifier_.set_default_result(OK); - { - TestDelegate d; - std::unique_ptr r(default_context_.CreateRequest( - test_server.GetURL("ssl-session-cache"), DEFAULT_PRIORITY, &d, - TRAFFIC_ANNOTATION_FOR_TESTS)); +// // Now change the certificate to be acceptable (so that the response is +// // loaded), and ensure that no session id is presented to the peer. +// cert_verifier_.set_default_result(OK); +// { +// TestDelegate d; +// std::unique_ptr r(default_context_.CreateRequest( +// test_server.GetURL("ssl-session-cache"), DEFAULT_PRIORITY, &d, +// TRAFFIC_ANNOTATION_FOR_TESTS)); - r->Start(); - EXPECT_TRUE(r->is_pending()); +// r->Start(); +// EXPECT_TRUE(r->is_pending()); - d.RunUntilComplete(); +// d.RunUntilComplete(); - EXPECT_EQ(1, d.response_started_count()); - EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r->ssl_info().handshake_type); - } -} +// EXPECT_EQ(1, d.response_started_count()); +// EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r->ssl_info().handshake_type); +// } +// } // Interceptor to check that secure DNS has been disabled. Secure DNS should be // disabled for any network fetch triggered during certificate verification as