security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp

Wed, 31 Dec 2014 07:16:47 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 07:16:47 +0100
branch
TOR_BUG_9701
changeset 3
141e0f1194b1
permissions
-rw-r--r--

Revert simplistic fix pending revisit of Mozilla integration attempt.

michael@0 1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
michael@0 2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
michael@0 3 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 4 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 6
michael@0 7 #include "nsNSSIOLayer.h"
michael@0 8 #include "sslproto.h"
michael@0 9
michael@0 10 #include "gtest/gtest.h"
michael@0 11
// Host name that every test in this file uses as the site key.
NS_NAMED_LITERAL_CSTRING(HOST, "example.org");
// Port paired with HOST by the tests that do not vary the port themselves.
const int16_t PORT{443};
michael@0 14
// Fixture for the TLS intolerance tests. gtest constructs a new fixture object
// for each TEST_F, so every test works on its own nsSSLIOLayerHelpers and does
// not see host/port entries recorded by another test.
struct TLSIntoleranceTest : ::testing::Test
{
protected:
  // Object under test: holds the per-site tolerance/intolerance records.
  nsSSLIOLayerHelpers helpers;
};
michael@0 20
// Walks the whole fallback ladder for a single site: every recorded
// intolerance lowers the maximum version that adjustForTLSIntolerance hands
// back, from TLS 1.2 down to SSL 3.0, after which the record is reset.
//
// NOTE(review): the floor reached here is SSL 3.0 only because that is the
// range.min passed in. The minimum supplied by the caller is what bounds how
// far repeated connection failures can push the maximum down.
TEST_F(TLSIntoleranceTest, Test_1_2_through_3_0)
{
  // Maximum expected after each adjustment while fallback is still possible.
  // The first entry is the untouched maximum, because no adjustment is made
  // when there is no entry for the site.
  const uint16_t expectedMax[] = { SSL_LIBRARY_VERSION_TLS_1_2,
                                   SSL_LIBRARY_VERSION_TLS_1_1,
                                   SSL_LIBRARY_VERSION_TLS_1_0 };
  const size_t stepCount = sizeof(expectedMax) / sizeof(expectedMax[0]);

  for (size_t step = 0; step < stepCount; ++step) {
    SSLVersionRange offered = { SSL_LIBRARY_VERSION_3_0,
                                SSL_LIBRARY_VERSION_TLS_1_2 };
    helpers.adjustForTLSIntolerance(HOST, PORT, offered);
    ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, offered.min);
    ASSERT_EQ(expectedMax[step], offered.max);

    // Recording a failure at the adjusted maximum is accepted (true) as long
    // as the maximum is still above the minimum.
    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                    offered.min, offered.max));
  }

  // Fourth attempt: the adjusted range has collapsed to SSL 3.0 only.
  {
    SSLVersionRange atFloor = { SSL_LIBRARY_VERSION_3_0,
                                SSL_LIBRARY_VERSION_TLS_1_2 };
    helpers.adjustForTLSIntolerance(HOST, PORT, atFloor);
    ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, atFloor.min);
    ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, atFloor.max);

    // false because we reached the floor set by range.min
    ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                     atFloor.min, atFloor.max));
  }

  // Fifth attempt: when rememberIntolerantAtVersion returns false it also
  // resets the intolerance information for the server, so the full range is
  // offered again.
  {
    SSLVersionRange afterReset = { SSL_LIBRARY_VERSION_3_0,
                                   SSL_LIBRARY_VERSION_TLS_1_2 };
    helpers.adjustForTLSIntolerance(HOST, PORT, afterReset);
    ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, afterReset.min);
    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, afterReset.max);
  }
}
michael@0 80
// A tolerance record made after an intolerance record at the same version
// (TLS 1.0) wins: the adjusted maximum is TLS 1.0.
TEST_F(TLSIntoleranceTest, Test_Tolerant_Overrides_Intolerant_1)
{
  // Record a failure at TLS 1.0 with SSL 3.0 as the minimum; the call reports
  // true here.
  const bool intoleranceRecorded =
    helpers.rememberIntolerantAtVersion(HOST, PORT,
                                        SSL_LIBRARY_VERSION_3_0,
                                        SSL_LIBRARY_VERSION_TLS_1_0);
  ASSERT_TRUE(intoleranceRecorded);

  // Then record a success at that same version.
  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_0);

  SSLVersionRange offered = { SSL_LIBRARY_VERSION_3_0,
                              SSL_LIBRARY_VERSION_TLS_1_2 };
  helpers.adjustForTLSIntolerance(HOST, PORT, offered);

  // The minimum is untouched; the maximum is the version known to work.
  ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, offered.min);
  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, offered.max);
}
michael@0 93
// A tolerance record at a version above the recorded intolerance (TLS 1.1
// versus TLS 1.0) raises the adjusted maximum to the tolerated version.
TEST_F(TLSIntoleranceTest, Test_Tolerant_Overrides_Intolerant_2)
{
  // Record a failure at TLS 1.0 with SSL 3.0 as the minimum; the call reports
  // true here.
  const bool intoleranceRecorded =
    helpers.rememberIntolerantAtVersion(HOST, PORT,
                                        SSL_LIBRARY_VERSION_3_0,
                                        SSL_LIBRARY_VERSION_TLS_1_0);
  ASSERT_TRUE(intoleranceRecorded);

  // Then record a success one version higher, at TLS 1.1.
  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);

  SSLVersionRange offered = { SSL_LIBRARY_VERSION_3_0,
                              SSL_LIBRARY_VERSION_TLS_1_2 };
  helpers.adjustForTLSIntolerance(HOST, PORT, offered);

  // The minimum is untouched; the maximum follows the tolerated version.
  ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, offered.min);
  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, offered.max);
}
michael@0 106
// Once a site is known to tolerate a version, a later intolerance report at
// that same version is refused and the offered range is left unadjusted.
TEST_F(TLSIntoleranceTest, Test_Intolerant_Does_Not_Override_Tolerant)
{
  // Start from a site that is already recorded as tolerating TLS 1.0.
  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_0);

  // false because we reached the floor set by rememberTolerantAtVersion.
  const bool intoleranceRecorded =
    helpers.rememberIntolerantAtVersion(HOST, PORT,
                                        SSL_LIBRARY_VERSION_3_0,
                                        SSL_LIBRARY_VERSION_TLS_1_0);
  ASSERT_FALSE(intoleranceRecorded);

  SSLVersionRange offered = { SSL_LIBRARY_VERSION_3_0,
                              SSL_LIBRARY_VERSION_TLS_1_2 };
  helpers.adjustForTLSIntolerance(HOST, PORT, offered);

  // Both ends of the range come back exactly as they were passed in.
  ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, offered.min);
  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, offered.max);
}
michael@0 121
// Records are keyed by host and port together: what is remembered for HOST on
// port 1 must not affect the range offered to HOST on port 2, and vice versa.
TEST_F(TLSIntoleranceTest, Test_Port_Is_Relevant)
{
  const int16_t tolerantPort = 1;
  const int16_t intolerantPort = 2;

  // Port 1 is recorded as tolerating TLS 1.2, so a later intolerance report
  // at TLS 1.2 for that port is refused.
  helpers.rememberTolerantAtVersion(HOST, tolerantPort,
                                    SSL_LIBRARY_VERSION_TLS_1_2);
  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, tolerantPort,
                                                   SSL_LIBRARY_VERSION_3_0,
                                                   SSL_LIBRARY_VERSION_TLS_1_2));

  // Port 2 has no tolerance record, so the same report is accepted there.
  ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, intolerantPort,
                                                  SSL_LIBRARY_VERSION_3_0,
                                                  SSL_LIBRARY_VERSION_TLS_1_2));

  // Port 1 still gets the full maximum.
  {
    SSLVersionRange offered = { SSL_LIBRARY_VERSION_3_0,
                                SSL_LIBRARY_VERSION_TLS_1_2 };
    helpers.adjustForTLSIntolerance(HOST, tolerantPort, offered);
    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, offered.max);
  }

  // Port 2 is lowered by one version, to TLS 1.1.
  {
    SSLVersionRange offered = { SSL_LIBRARY_VERSION_3_0,
                                SSL_LIBRARY_VERSION_TLS_1_2 };
    helpers.adjustForTLSIntolerance(HOST, intolerantPort, offered);
    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, offered.max);
  }
}
