security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp

Wed, 31 Dec 2014 07:16:47 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 07:16:47 +0100
branch
TOR_BUG_9701
changeset 3
141e0f1194b1
permissions
-rw-r--r--

Revert simplistic fix pending revisit of Mozilla integration attempt.

     1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
     2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
     3 /* This Source Code Form is subject to the terms of the Mozilla Public
     4  * License, v. 2.0. If a copy of the MPL was not distributed with this
     5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
     7 #include "nsNSSIOLayer.h"
     8 #include "sslproto.h"
    10 #include "gtest/gtest.h"
    // Host/port pair used by the tests below to identify the site whose TLS
    // intolerance state is recorded and queried. HOST is declared through the
    // NS_NAMED_LITERAL_CSTRING macro; 443 is the conventional HTTPS port.
    NS_NAMED_LITERAL_CSTRING(HOST, "example.org");
    const int16_t PORT = 443;
    // Fixture for the TEST_F cases in this file. gtest builds a new fixture
    // object for every test, so each case gets its own nsSSLIOLayerHelpers
    // member to record tolerance/intolerance against.
    class TLSIntoleranceTest : public ::testing::Test {
    protected:
      nsSSLIOLayerHelpers helpers;
    };
    TEST_F(TLSIntoleranceTest, Test_1_2_through_3_0)
    {
      // Walks the version-fallback ladder for a single site. On the first pass
      // there is no entry for the site, so the offered range (3.0 .. TLS 1.2) is
      // returned unadjusted; every failure recorded afterwards lowers the
      // ceiling reported by the next adjustForTLSIntolerance call by one version.
      //
      // NOTE(review): this pins behaviour in which repeated handshake failures
      // walk a site all the way down to SSL 3.0. Handshake failures can be
      // induced from the network path, so the floor passed in range.min is what
      // bounds a downgrade -- confirm production callers do not offer SSL 3.0 as
      // that floor.
      const int expectedCeilings[] = { SSL_LIBRARY_VERSION_TLS_1_2,
                                       SSL_LIBRARY_VERSION_TLS_1_1,
                                       SSL_LIBRARY_VERSION_TLS_1_0 };
      const unsigned int ceilingCount =
        sizeof(expectedCeilings) / sizeof(expectedCeilings[0]);

      for (unsigned int step = 0; step < ceilingCount; ++step) {
        SSLVersionRange offered = { SSL_LIBRARY_VERSION_3_0,
                                    SSL_LIBRARY_VERSION_TLS_1_2 };
        helpers.adjustForTLSIntolerance(HOST, PORT, offered);
        ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, offered.min);
        ASSERT_EQ(expectedCeilings[step], offered.max);

        // Record a failure at the current ceiling; true is expected while a
        // lower version is still available above the floor.
        ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                        offered.min,
                                                        offered.max));
      }

      // Fourth pass: the ceiling has now dropped onto the floor (range.min).
      SSLVersionRange atFloor = { SSL_LIBRARY_VERSION_3_0,
                                  SSL_LIBRARY_VERSION_TLS_1_2 };
      helpers.adjustForTLSIntolerance(HOST, PORT, atFloor);
      ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, atFloor.min);
      ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, atFloor.max);

      // false because we reached the floor set by range.min
      ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                       atFloor.min,
                                                       atFloor.max));

      // When rememberIntolerantAtVersion returns false, it also resets the
      // intolerance information for the server, so the full range is offered
      // again.
      SSLVersionRange afterReset = { SSL_LIBRARY_VERSION_3_0,
                                     SSL_LIBRARY_VERSION_TLS_1_2 };
      helpers.adjustForTLSIntolerance(HOST, PORT, afterReset);
      ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, afterReset.min);
      ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, afterReset.max);
    }
    TEST_F(TLSIntoleranceTest, Test_Tolerant_Overrides_Intolerant_1)
    {
      // A failure is recorded at TLS 1.0 and then a success at the same
      // version. The success wins: the adjusted ceiling is TLS 1.0 rather than
      // something below it.
      const bool failureRecorded =
        helpers.rememberIntolerantAtVersion(HOST, PORT,
                                            SSL_LIBRARY_VERSION_3_0,
                                            SSL_LIBRARY_VERSION_TLS_1_0);
      ASSERT_TRUE(failureRecorded);

      helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_0);

      SSLVersionRange offered = { SSL_LIBRARY_VERSION_3_0,
                                  SSL_LIBRARY_VERSION_TLS_1_2 };
      helpers.adjustForTLSIntolerance(HOST, PORT, offered);
      ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, offered.min);
      ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, offered.max);
    }
    TEST_F(TLSIntoleranceTest, Test_Tolerant_Overrides_Intolerant_2)
    {
      // A failure is recorded at TLS 1.0, then a success at the higher TLS 1.1.
      // The later success lifts the adjusted ceiling to TLS 1.1.
      const bool failureRecorded =
        helpers.rememberIntolerantAtVersion(HOST, PORT,
                                            SSL_LIBRARY_VERSION_3_0,
                                            SSL_LIBRARY_VERSION_TLS_1_0);
      ASSERT_TRUE(failureRecorded);

      helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);

      SSLVersionRange offered = { SSL_LIBRARY_VERSION_3_0,
                                  SSL_LIBRARY_VERSION_TLS_1_2 };
      helpers.adjustForTLSIntolerance(HOST, PORT, offered);
      ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, offered.min);
      ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, offered.max);
    }
   TEST_F(TLSIntoleranceTest, Test_Intolerant_Does_Not_Override_Tolerant)
   {
     // A success at TLS 1.0 is recorded first; a later failure reported at the
     // same version must not lower the ceiling for the site.
     helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_0);

     // false because we reached the floor set by rememberTolerantAtVersion.
     const bool failureRecorded =
       helpers.rememberIntolerantAtVersion(HOST, PORT,
                                           SSL_LIBRARY_VERSION_3_0,
                                           SSL_LIBRARY_VERSION_TLS_1_0);
     ASSERT_FALSE(failureRecorded);

     // The rejected failure leaves the offered range unadjusted.
     SSLVersionRange offered = { SSL_LIBRARY_VERSION_3_0,
                                 SSL_LIBRARY_VERSION_TLS_1_2 };
     helpers.adjustForTLSIntolerance(HOST, PORT, offered);
     ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, offered.min);
     ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, offered.max);
   }
   TEST_F(TLSIntoleranceTest, Test_Port_Is_Relevant)
   {
     // State is tracked per host AND port: what is learned about HOST on port 1
     // must not affect the range negotiated with HOST on port 2, and vice versa.

     // Port 1 is known to accept TLS 1.2, so a failure reported at TLS 1.2 is
     // refused there.
     helpers.rememberTolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_2);
     const bool recordedOnPort1 =
       helpers.rememberIntolerantAtVersion(HOST, 1,
                                           SSL_LIBRARY_VERSION_3_0,
                                           SSL_LIBRARY_VERSION_TLS_1_2);
     ASSERT_FALSE(recordedOnPort1);

     // Port 2 has no tolerance record, so the same failure is accepted.
     const bool recordedOnPort2 =
       helpers.rememberIntolerantAtVersion(HOST, 2,
                                           SSL_LIBRARY_VERSION_3_0,
                                           SSL_LIBRARY_VERSION_TLS_1_2);
     ASSERT_TRUE(recordedOnPort2);

     // Port 1 keeps the full ceiling.
     SSLVersionRange offeredOnPort1 = { SSL_LIBRARY_VERSION_3_0,
                                        SSL_LIBRARY_VERSION_TLS_1_2 };
     helpers.adjustForTLSIntolerance(HOST, 1, offeredOnPort1);
     ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, offeredOnPort1.max);

     // Port 2 is capped one version below the recorded failure.
     SSLVersionRange offeredOnPort2 = { SSL_LIBRARY_VERSION_3_0,
                                        SSL_LIBRARY_VERSION_TLS_1_2 };
     helpers.adjustForTLSIntolerance(HOST, 2, offeredOnPort2);
     ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, offeredOnPort2.max);
   }
