From 7961cea6d1041e3e454dae6a1da660b453efd238 Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen Date: Mon, 20 Jan 2020 13:40:20 +0100 Subject: BASELINE: Update Chromium to 78.0.3904.130 Change-Id: If185e0c0061b3437531c97c9c8c78f239352a68b Reviewed-by: Allan Sandfeld Jensen --- chromium/net/ssl/client_cert_store_nss.cc | 10 +- chromium/net/ssl/client_cert_store_nss_unittest.cc | 6 +- chromium/net/ssl/client_cert_store_unittest-inl.h | 4 +- chromium/net/ssl/ssl_client_auth_cache.cc | 14 +- chromium/net/ssl/ssl_client_auth_cache.h | 22 +- chromium/net/ssl/ssl_client_auth_cache_unittest.cc | 6 +- chromium/net/ssl/ssl_client_session_cache.cc | 43 ++- chromium/net/ssl/ssl_client_session_cache.h | 39 ++- .../net/ssl/ssl_client_session_cache_unittest.cc | 306 +++++++++++++-------- chromium/net/ssl/ssl_config.cc | 6 +- chromium/net/ssl/ssl_config.h | 30 +- chromium/net/ssl/ssl_config_service.cc | 41 +-- chromium/net/ssl/ssl_config_service.h | 63 +++-- chromium/net/ssl/ssl_config_service_defaults.cc | 4 +- chromium/net/ssl/ssl_config_service_defaults.h | 6 +- chromium/net/ssl/ssl_config_service_unittest.cc | 62 ++--- chromium/net/ssl/ssl_info.h | 5 + chromium/net/ssl/ssl_key_logger_impl.cc | 21 +- chromium/net/ssl/ssl_key_logger_impl.h | 6 + .../net/ssl/ssl_platform_key_android_unittest.cc | 4 +- chromium/net/ssl/ssl_platform_key_mac_unittest.cc | 4 +- chromium/net/ssl/ssl_platform_key_nss_unittest.cc | 4 +- chromium/net/ssl/ssl_platform_key_win_unittest.cc | 8 +- chromium/net/ssl/test_ssl_config_service.cc | 29 ++ chromium/net/ssl/test_ssl_config_service.h | 29 ++ 25 files changed, 486 insertions(+), 286 deletions(-) create mode 100644 chromium/net/ssl/test_ssl_config_service.cc create mode 100644 chromium/net/ssl/test_ssl_config_service.h (limited to 'chromium/net/ssl') diff --git a/chromium/net/ssl/client_cert_store_nss.cc b/chromium/net/ssl/client_cert_store_nss.cc index 6bb552aff50..f4d3e893c23 100644 --- a/chromium/net/ssl/client_cert_store_nss.cc +++ b/chromium/net/ssl/client_cert_store_nss.cc @@ -49,9 +49,10 @@ class ClientCertIdentityNSS : public ClientCertIdentity { private_key_callback) override { // Caller is responsible for keeping the ClientCertIdentity alive until // the |private_key_callback| is run, so it's safe to use Unretained here. - base::PostTaskWithTraitsAndReplyWithResult( + base::PostTaskAndReplyWithResult( FROM_HERE, - {base::MayBlock(), base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN}, + {base::ThreadPool(), base::MayBlock(), + base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN}, base::BindOnce(&FetchClientCertPrivateKey, base::Unretained(certificate()), cert_certificate_.get(), password_delegate_), @@ -77,9 +78,10 @@ void ClientCertStoreNSS::GetClientCerts(const SSLCertRequestInfo& request, scoped_refptr password_delegate; if (!password_delegate_factory_.is_null()) password_delegate = password_delegate_factory_.Run(request.host_and_port); - base::PostTaskWithTraitsAndReplyWithResult( + base::PostTaskAndReplyWithResult( FROM_HERE, - {base::MayBlock(), base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN}, + {base::ThreadPool(), base::MayBlock(), + base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN}, base::BindOnce(&ClientCertStoreNSS::GetAndFilterCertsOnWorkerThread, // Caller is responsible for keeping the ClientCertStore // alive until the callback is run. diff --git a/chromium/net/ssl/client_cert_store_nss_unittest.cc b/chromium/net/ssl/client_cert_store_nss_unittest.cc index cf3a2942ae4..964b9fbe809 100644 --- a/chromium/net/ssl/client_cert_store_nss_unittest.cc +++ b/chromium/net/ssl/client_cert_store_nss_unittest.cc @@ -15,7 +15,7 @@ #include "base/files/file_util.h" #include "base/memory/ref_counted.h" #include "base/run_loop.h" -#include "base/test/scoped_task_environment.h" +#include "base/test/task_environment.h" #include "crypto/nss_util.h" #include "crypto/scoped_test_nss_db.h" #include "net/cert/pem_tokenizer.h" @@ -76,7 +76,7 @@ INSTANTIATE_TYPED_TEST_SUITE_P(NSS, // Tests that ClientCertStoreNSS attempts to build a certificate chain by // querying NSS before return a certificate. TEST(ClientCertStoreNSSTest, BuildsCertificateChain) { - base::test::ScopedTaskEnvironment scoped_task_environment; + base::test::TaskEnvironment task_environment; // Set up a test DB and import client_1.pem and client_1_ca.pem. crypto::ScopedTestNSSDB test_db; @@ -169,7 +169,7 @@ TEST(ClientCertStoreNSSTest, BuildsCertificateChain) { } TEST(ClientCertStoreNSSTest, SubjectPrintableStringContainingUTF8) { - base::test::ScopedTaskEnvironment scoped_task_environment; + base::test::TaskEnvironment task_environment; crypto::ScopedTestNSSDB test_db; base::FilePath certs_dir = diff --git a/chromium/net/ssl/client_cert_store_unittest-inl.h b/chromium/net/ssl/client_cert_store_unittest-inl.h index 71318b519a9..ea2a7205755 100644 --- a/chromium/net/ssl/client_cert_store_unittest-inl.h +++ b/chromium/net/ssl/client_cert_store_unittest-inl.h @@ -17,7 +17,7 @@ #include "net/ssl/ssl_cert_request_info.h" #include "net/test/cert_test_util.h" #include "net/test/test_data_directory.h" -#include "net/test/test_with_scoped_task_environment.h" +#include "net/test/test_with_task_environment.h" #include "testing/gtest/include/gtest/gtest.h" namespace net { @@ -58,7 +58,7 @@ const unsigned char kAuthorityRootDN[] = { // const SSLCertRequestInfo& cert_request_info, // ClientCertIdentityList* selected_identities); template -class ClientCertStoreTest : public TestWithScopedTaskEnvironment { +class ClientCertStoreTest : public TestWithTaskEnvironment { public: T delegate_; }; diff --git a/chromium/net/ssl/ssl_client_auth_cache.cc b/chromium/net/ssl/ssl_client_auth_cache.cc index 4cd6aef7030..e8c05fc9de9 100644 --- a/chromium/net/ssl/ssl_client_auth_cache.cc +++ b/chromium/net/ssl/ssl_client_auth_cache.cc @@ -10,13 +10,9 @@ namespace net { -SSLClientAuthCache::SSLClientAuthCache() { - CertDatabase::GetInstance()->AddObserver(this); -} +SSLClientAuthCache::SSLClientAuthCache() {} -SSLClientAuthCache::~SSLClientAuthCache() { - CertDatabase::GetInstance()->RemoveObserver(this); -} +SSLClientAuthCache::~SSLClientAuthCache() {} bool SSLClientAuthCache::Lookup(const HostPortPair& server, scoped_refptr* certificate, @@ -41,11 +37,11 @@ void SSLClientAuthCache::Add(const HostPortPair& server, // TODO(wtc): enforce a maximum number of entries. } -void SSLClientAuthCache::Remove(const HostPortPair& server) { - cache_.erase(server); +bool SSLClientAuthCache::Remove(const HostPortPair& server) { + return cache_.erase(server); } -void SSLClientAuthCache::OnCertDBChanged() { +void SSLClientAuthCache::Clear() { cache_.clear(); } diff --git a/chromium/net/ssl/ssl_client_auth_cache.h b/chromium/net/ssl/ssl_client_auth_cache.h index 6486967ec48..a380ea7d6f3 100644 --- a/chromium/net/ssl/ssl_client_auth_cache.h +++ b/chromium/net/ssl/ssl_client_auth_cache.h @@ -13,7 +13,6 @@ #include "base/memory/ref_counted.h" #include "net/base/host_port_pair.h" #include "net/base/net_export.h" -#include "net/cert/cert_database.h" #include "net/ssl/ssl_private_key.h" namespace net { @@ -21,16 +20,12 @@ namespace net { class X509Certificate; // The SSLClientAuthCache class is a simple cache structure to store SSL -// client certificates. Provides lookup, insertion, and deletion of entries. -// The parameter for doing lookups, insertions, and deletions is the server's -// host and port. -// -// TODO(wtc): This class is based on FtpAuthCache. We can extract the common -// code to a template class. -class NET_EXPORT_PRIVATE SSLClientAuthCache : public CertDatabase::Observer { +// client certificate decisions. Provides lookup, insertion, and deletion of +// entries based on a server's host and port. +class NET_EXPORT_PRIVATE SSLClientAuthCache { public: SSLClientAuthCache(); - ~SSLClientAuthCache() override; + ~SSLClientAuthCache(); // Checks for a client certificate preference for SSL server at |server|. // Returns true if a preference is found, and sets |*certificate| to the @@ -49,11 +44,12 @@ class NET_EXPORT_PRIVATE SSLClientAuthCache : public CertDatabase::Observer { scoped_refptr client_cert, scoped_refptr private_key); - // Remove the client certificate for |server| from the cache, if one exists. - void Remove(const HostPortPair& server); + // Remove cached client certificate decisions for |server| from the cache. + // Returns true if one was removed and false otherwise. + bool Remove(const HostPortPair& server); - // CertDatabase::Observer methods: - void OnCertDBChanged() override; + // Removes all cached client certificate decisions. + void Clear(); private: typedef HostPortPair AuthCacheKey; diff --git a/chromium/net/ssl/ssl_client_auth_cache_unittest.cc b/chromium/net/ssl/ssl_client_auth_cache_unittest.cc index ff1b01561f6..6d6bbf82352 100644 --- a/chromium/net/ssl/ssl_client_auth_cache_unittest.cc +++ b/chromium/net/ssl/ssl_client_auth_cache_unittest.cc @@ -154,8 +154,8 @@ TEST(SSLClientAuthCacheTest, LookupNullPreference) { EXPECT_EQ(nullptr, cached_cert.get()); } -// Check that the OnCertDBChanged() method removes all cache entries. -TEST(SSLClientAuthCacheTest, OnCertDBChanged) { +// Check that the Clear() method removes all cache entries. +TEST(SSLClientAuthCacheTest, Clear) { SSLClientAuthCache cache; HostPortPair server1("foo", 443); @@ -178,7 +178,7 @@ TEST(SSLClientAuthCacheTest, OnCertDBChanged) { EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); EXPECT_EQ(nullptr, cached_cert.get()); - cache.OnCertDBChanged(); + cache.Clear(); // Check that we no longer have entries for either server. EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey)); diff --git a/chromium/net/ssl/ssl_client_session_cache.cc b/chromium/net/ssl/ssl_client_session_cache.cc index da21c11510b..40ef3c37cb9 100644 --- a/chromium/net/ssl/ssl_client_session_cache.cc +++ b/chromium/net/ssl/ssl_client_session_cache.cc @@ -4,6 +4,7 @@ #include "net/ssl/ssl_client_session_cache.h" +#include #include #include "base/containers/flat_set.h" @@ -24,6 +25,27 @@ bool IsTLS13(const SSL_SESSION* session) { } // namespace +SSLClientSessionCache::Key::Key() = default; +SSLClientSessionCache::Key::Key(const Key& other) = default; +SSLClientSessionCache::Key::Key(Key&& other) = default; +SSLClientSessionCache::Key::~Key() = default; +SSLClientSessionCache::Key& SSLClientSessionCache::Key::operator=( + const Key& other) = default; +SSLClientSessionCache::Key& SSLClientSessionCache::Key::operator=(Key&& other) = + default; + +bool SSLClientSessionCache::Key::operator==(const Key& other) const { + return std::tie(server, dest_ip_addr, network_isolation_key, privacy_mode) == + std::tie(other.server, other.dest_ip_addr, other.network_isolation_key, + other.privacy_mode); +} + +bool SSLClientSessionCache::Key::operator<(const Key& other) const { + return std::tie(server, dest_ip_addr, network_isolation_key, privacy_mode) < + std::tie(other.server, other.dest_ip_addr, other.network_isolation_key, + other.privacy_mode); +} + SSLClientSessionCache::SSLClientSessionCache(const Config& config) : clock_(base::DefaultClock::GetInstance()), config_(config), @@ -31,15 +53,9 @@ SSLClientSessionCache::SSLClientSessionCache(const Config& config) lookups_since_flush_(0) { memory_pressure_listener_.reset(new base::MemoryPressureListener(base::Bind( &SSLClientSessionCache::OnMemoryPressure, base::Unretained(this)))); - CertDatabase::GetInstance()->AddObserver(this); } SSLClientSessionCache::~SSLClientSessionCache() { - CertDatabase::GetInstance()->RemoveObserver(this); - Flush(); -} - -void SSLClientSessionCache::OnCertDBChanged() { Flush(); } @@ -48,7 +64,7 @@ size_t SSLClientSessionCache::size() const { } bssl::UniquePtr SSLClientSessionCache::Lookup( - const std::string& cache_key) { + const Key& cache_key) { // Expire stale sessions. lookups_since_flush_++; if (lookups_since_flush_ >= config_.expiration_check_count) { @@ -79,7 +95,7 @@ bssl::UniquePtr SSLClientSessionCache::Lookup( return session; } -void SSLClientSessionCache::Insert(const std::string& cache_key, +void SSLClientSessionCache::Insert(const Key& cache_key, bssl::UniquePtr session) { if (IsTLS13(session.get())) { base::TimeDelta lifetime = @@ -95,6 +111,17 @@ void SSLClientSessionCache::Insert(const std::string& cache_key, iter->second.Push(std::move(session)); } +void SSLClientSessionCache::FlushForServer(const HostPortPair& server) { + auto iter = cache_.begin(); + while (iter != cache_.end()) { + if (iter->first.server == server) { + iter = cache_.Erase(iter); + } else { + ++iter; + } + } +} + void SSLClientSessionCache::Flush() { cache_.Clear(); } diff --git a/chromium/net/ssl/ssl_client_session_cache.h b/chromium/net/ssl/ssl_client_session_cache.h index 858dd61c7fd..c674837c568 100644 --- a/chromium/net/ssl/ssl_client_session_cache.h +++ b/chromium/net/ssl/ssl_client_session_cache.h @@ -15,10 +15,14 @@ #include "base/containers/mru_cache.h" #include "base/macros.h" #include "base/memory/memory_pressure_monitor.h" +#include "base/optional.h" #include "base/time/time.h" #include "base/trace_event/memory_dump_provider.h" +#include "net/base/host_port_pair.h" +#include "net/base/ip_address.h" #include "net/base/net_export.h" -#include "net/cert/cert_database.h" +#include "net/base/network_isolation_key.h" +#include "net/base/privacy_mode.h" #include "third_party/boringssl/src/include/openssl/base.h" namespace base { @@ -30,7 +34,7 @@ class ProcessMemoryDump; namespace net { -class NET_EXPORT SSLClientSessionCache : public CertDatabase::Observer { +class NET_EXPORT SSLClientSessionCache { public: struct Config { // The maximum number of entries in the cache. @@ -39,10 +43,25 @@ class NET_EXPORT SSLClientSessionCache : public CertDatabase::Observer { size_t expiration_check_count = 256; }; - explicit SSLClientSessionCache(const Config& config); - ~SSLClientSessionCache() override; + struct NET_EXPORT Key { + Key(); + Key(const Key& other); + Key(Key&& other); + ~Key(); + Key& operator=(const Key& other); + Key& operator=(Key&& other); + + bool operator==(const Key& other) const; + bool operator<(const Key& other) const; + + HostPortPair server; + base::Optional dest_ip_addr; + NetworkIsolationKey network_isolation_key; + PrivacyMode privacy_mode = PRIVACY_MODE_DISABLED; + }; - void OnCertDBChanged() override; + explicit SSLClientSessionCache(const Config& config); + ~SSLClientSessionCache(); // Returns true if |entry| is expired as of |now|. static bool IsExpired(SSL_SESSION* session, time_t now); @@ -51,13 +70,15 @@ class NET_EXPORT SSLClientSessionCache : public CertDatabase::Observer { // Returns the session associated with |cache_key| and moves it to the front // of the MRU list. Returns nullptr if there is none. - bssl::UniquePtr Lookup(const std::string& cache_key); + bssl::UniquePtr Lookup(const Key& cache_key); // Inserts |session| into the cache at |cache_key|. If there is an existing // one, it is released. Every |expiration_check_count| calls, the cache is // checked for stale entries. - void Insert(const std::string& cache_key, - bssl::UniquePtr session); + void Insert(const Key& cache_key, bssl::UniquePtr session); + + // Removes all entries associated with |server|. + void FlushForServer(const HostPortPair& server); // Removes all entries from the cache. void Flush(); @@ -99,7 +120,7 @@ class NET_EXPORT SSLClientSessionCache : public CertDatabase::Observer { base::Clock* clock_; Config config_; - base::HashingMRUCache cache_; + base::MRUCache cache_; size_t lookups_since_flush_; std::unique_ptr memory_pressure_listener_; diff --git a/chromium/net/ssl/ssl_client_session_cache_unittest.cc b/chromium/net/ssl/ssl_client_session_cache_unittest.cc index 610c2f3ec92..e786e60a27f 100644 --- a/chromium/net/ssl/ssl_client_session_cache_unittest.cc +++ b/chromium/net/ssl/ssl_client_session_cache_unittest.cc @@ -6,20 +6,22 @@ #include "base/run_loop.h" #include "base/strings/string_number_conversions.h" -#include "base/test/scoped_task_environment.h" #include "base/test/simple_test_clock.h" +#include "base/test/task_environment.h" #include "base/time/time.h" #include "base/trace_event/memory_allocator_dump.h" #include "base/trace_event/process_memory_dump.h" #include "base/trace_event/traced_value.h" +#include "net/base/network_isolation_key.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" #include "third_party/boringssl/src/include/openssl/ssl.h" +#include "url/gurl.h" +using testing::ByRef; using testing::Contains; using testing::Eq; using testing::Field; -using testing::ByRef; namespace net { @@ -34,6 +36,12 @@ std::unique_ptr MakeTestClock() { return clock; } +SSLClientSessionCache::Key MakeTestKey(const std::string& str) { + SSLClientSessionCache::Key key; + key.server = HostPortPair(str, 443); + return key; +} + class SSLClientSessionCacheTest : public testing::Test { public: SSLClientSessionCacheTest() : ssl_ctx_(SSL_CTX_new(TLS_method())) {} @@ -74,29 +82,29 @@ TEST_F(SSLClientSessionCacheTest, Basic) { bssl::UniquePtr session2 = NewSSLSession(); bssl::UniquePtr session3 = NewSSLSession(); - EXPECT_EQ(nullptr, cache.Lookup("key1").get()); - EXPECT_EQ(nullptr, cache.Lookup("key2").get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get()); EXPECT_EQ(0u, cache.size()); - cache.Insert("key1", bssl::UpRef(session1)); - EXPECT_EQ(session1.get(), cache.Lookup("key1").get()); - EXPECT_EQ(nullptr, cache.Lookup("key2").get()); + cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1)); + EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get()); EXPECT_EQ(1u, cache.size()); - cache.Insert("key2", bssl::UpRef(session2)); - EXPECT_EQ(session1.get(), cache.Lookup("key1").get()); - EXPECT_EQ(session2.get(), cache.Lookup("key2").get()); + cache.Insert(MakeTestKey("key2"), bssl::UpRef(session2)); + EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(session2.get(), cache.Lookup(MakeTestKey("key2")).get()); EXPECT_EQ(2u, cache.size()); - cache.Insert("key1", bssl::UpRef(session3)); - EXPECT_EQ(session3.get(), cache.Lookup("key1").get()); - EXPECT_EQ(session2.get(), cache.Lookup("key2").get()); + cache.Insert(MakeTestKey("key1"), bssl::UpRef(session3)); + EXPECT_EQ(session3.get(), cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(session2.get(), cache.Lookup(MakeTestKey("key2")).get()); EXPECT_EQ(2u, cache.size()); cache.Flush(); - EXPECT_EQ(nullptr, cache.Lookup("key1").get()); - EXPECT_EQ(nullptr, cache.Lookup("key2").get()); - EXPECT_EQ(nullptr, cache.Lookup("key3").get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key3")).get()); EXPECT_EQ(0u, cache.size()); } @@ -109,48 +117,48 @@ TEST_F(SSLClientSessionCacheTest, BasicSingleUse) { bssl::UniquePtr session2 = NewSSLSession(TLS1_3_VERSION); bssl::UniquePtr session3 = NewSSLSession(TLS1_3_VERSION); - EXPECT_EQ(nullptr, cache.Lookup("key1").get()); - EXPECT_EQ(nullptr, cache.Lookup("key2").get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get()); EXPECT_EQ(0u, cache.size()); - cache.Insert("key1", bssl::UpRef(session1)); - EXPECT_EQ(session1.get(), cache.Lookup("key1").get()); - EXPECT_EQ(nullptr, cache.Lookup("key2").get()); + cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1)); + EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get()); EXPECT_EQ(0u, cache.size()); - EXPECT_EQ(nullptr, cache.Lookup("key1").get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get()); - cache.Insert("key1", bssl::UpRef(session1)); - cache.Insert("key1", bssl::UpRef(session1)); - cache.Insert("key2", bssl::UpRef(session2)); + cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1)); + cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1)); + cache.Insert(MakeTestKey("key2"), bssl::UpRef(session2)); - EXPECT_EQ(session1.get(), cache.Lookup("key1").get()); - EXPECT_EQ(session2.get(), cache.Lookup("key2").get()); + EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(session2.get(), cache.Lookup(MakeTestKey("key2")).get()); EXPECT_EQ(1u, cache.size()); - EXPECT_EQ(session1.get(), cache.Lookup("key1").get()); - EXPECT_EQ(nullptr, cache.Lookup("key2").get()); + EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get()); - cache.Insert("key1", bssl::UpRef(session1)); - cache.Insert("key1", bssl::UpRef(session3)); - cache.Insert("key2", bssl::UpRef(session2)); - EXPECT_EQ(session3.get(), cache.Lookup("key1").get()); - EXPECT_EQ(session1.get(), cache.Lookup("key1").get()); - EXPECT_EQ(session2.get(), cache.Lookup("key2").get()); + cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1)); + cache.Insert(MakeTestKey("key1"), bssl::UpRef(session3)); + cache.Insert(MakeTestKey("key2"), bssl::UpRef(session2)); + EXPECT_EQ(session3.get(), cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(session2.get(), cache.Lookup(MakeTestKey("key2")).get()); EXPECT_EQ(0u, cache.size()); cache.Flush(); - EXPECT_EQ(nullptr, cache.Lookup("key1").get()); - EXPECT_EQ(nullptr, cache.Lookup("key2").get()); - EXPECT_EQ(nullptr, cache.Lookup("key3").get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key3")).get()); EXPECT_EQ(0u, cache.size()); - cache.Insert("key1", bssl::UpRef(session1)); - cache.Insert("key1", bssl::UpRef(session2)); - cache.Insert("key1", bssl::UpRef(session3)); - EXPECT_EQ(session3.get(), cache.Lookup("key1").get()); - EXPECT_EQ(session2.get(), cache.Lookup("key1").get()); - EXPECT_EQ(nullptr, cache.Lookup("key1").get()); + cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1)); + cache.Insert(MakeTestKey("key1"), bssl::UpRef(session2)); + cache.Insert(MakeTestKey("key1"), bssl::UpRef(session3)); + EXPECT_EQ(session3.get(), cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(session2.get(), cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get()); } // Test insertion and lookup operations with both single-use and reusable @@ -162,34 +170,34 @@ TEST_F(SSLClientSessionCacheTest, MixedUse) { bssl::UniquePtr session_single = NewSSLSession(TLS1_3_VERSION); bssl::UniquePtr session_reuse = NewSSLSession(TLS1_2_VERSION); - EXPECT_EQ(nullptr, cache.Lookup("key1").get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get()); EXPECT_EQ(0u, cache.size()); - cache.Insert("key1", bssl::UpRef(session_reuse)); - EXPECT_EQ(session_reuse.get(), cache.Lookup("key1").get()); + cache.Insert(MakeTestKey("key1"), bssl::UpRef(session_reuse)); + EXPECT_EQ(session_reuse.get(), cache.Lookup(MakeTestKey("key1")).get()); EXPECT_EQ(1u, cache.size()); - cache.Insert("key1", bssl::UpRef(session_single)); - EXPECT_EQ(session_single.get(), cache.Lookup("key1").get()); - EXPECT_EQ(nullptr, cache.Lookup("key1").get()); + cache.Insert(MakeTestKey("key1"), bssl::UpRef(session_single)); + EXPECT_EQ(session_single.get(), cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get()); EXPECT_EQ(0u, cache.size()); - EXPECT_EQ(nullptr, cache.Lookup("key2").get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get()); EXPECT_EQ(0u, cache.size()); - cache.Insert("key2", bssl::UpRef(session_single)); - cache.Insert("key2", bssl::UpRef(session_single)); + cache.Insert(MakeTestKey("key2"), bssl::UpRef(session_single)); + cache.Insert(MakeTestKey("key2"), bssl::UpRef(session_single)); EXPECT_EQ(1u, cache.size()); - EXPECT_EQ(session_single.get(), cache.Lookup("key2").get()); - EXPECT_EQ(session_single.get(), cache.Lookup("key2").get()); - EXPECT_EQ(nullptr, cache.Lookup("key2").get()); + EXPECT_EQ(session_single.get(), cache.Lookup(MakeTestKey("key2")).get()); + EXPECT_EQ(session_single.get(), cache.Lookup(MakeTestKey("key2")).get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get()); EXPECT_EQ(0u, cache.size()); - cache.Insert("key2", bssl::UpRef(session_single)); - cache.Insert("key2", bssl::UpRef(session_reuse)); - EXPECT_EQ(session_reuse.get(), cache.Lookup("key2").get()); - EXPECT_EQ(session_reuse.get(), cache.Lookup("key2").get()); + cache.Insert(MakeTestKey("key2"), bssl::UpRef(session_single)); + cache.Insert(MakeTestKey("key2"), bssl::UpRef(session_reuse)); + EXPECT_EQ(session_reuse.get(), cache.Lookup(MakeTestKey("key2")).get()); + EXPECT_EQ(session_reuse.get(), cache.Lookup(MakeTestKey("key2")).get()); EXPECT_EQ(1u, cache.size()); } @@ -201,23 +209,23 @@ TEST_F(SSLClientSessionCacheTest, DoubleInsert) { bssl::UniquePtr session = NewSSLSession(); - EXPECT_EQ(nullptr, cache.Lookup("key1").get()); - EXPECT_EQ(nullptr, cache.Lookup("key2").get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get()); EXPECT_EQ(0u, cache.size()); - cache.Insert("key1", bssl::UpRef(session)); - EXPECT_EQ(session.get(), cache.Lookup("key1").get()); - EXPECT_EQ(nullptr, cache.Lookup("key2").get()); + cache.Insert(MakeTestKey("key1"), bssl::UpRef(session)); + EXPECT_EQ(session.get(), cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get()); EXPECT_EQ(1u, cache.size()); - cache.Insert("key2", bssl::UpRef(session)); - EXPECT_EQ(session.get(), cache.Lookup("key1").get()); - EXPECT_EQ(session.get(), cache.Lookup("key2").get()); + cache.Insert(MakeTestKey("key2"), bssl::UpRef(session)); + EXPECT_EQ(session.get(), cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(session.get(), cache.Lookup(MakeTestKey("key2")).get()); EXPECT_EQ(2u, cache.size()); cache.Flush(); - EXPECT_EQ(nullptr, cache.Lookup("key1").get()); - EXPECT_EQ(nullptr, cache.Lookup("key2").get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get()); EXPECT_EQ(0u, cache.size()); } @@ -233,29 +241,29 @@ TEST_F(SSLClientSessionCacheTest, MaxEntries) { bssl::UniquePtr session4 = NewSSLSession(); // Insert three entries. - cache.Insert("key1", bssl::UpRef(session1)); - cache.Insert("key2", bssl::UpRef(session2)); - cache.Insert("key3", bssl::UpRef(session3)); - EXPECT_EQ(session1.get(), cache.Lookup("key1").get()); - EXPECT_EQ(session2.get(), cache.Lookup("key2").get()); - EXPECT_EQ(session3.get(), cache.Lookup("key3").get()); + cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1)); + cache.Insert(MakeTestKey("key2"), bssl::UpRef(session2)); + cache.Insert(MakeTestKey("key3"), bssl::UpRef(session3)); + EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(session2.get(), cache.Lookup(MakeTestKey("key2")).get()); + EXPECT_EQ(session3.get(), cache.Lookup(MakeTestKey("key3")).get()); EXPECT_EQ(3u, cache.size()); // On insertion of a fourth, the first is removed. - cache.Insert("key4", bssl::UpRef(session4)); - EXPECT_EQ(nullptr, cache.Lookup("key1").get()); - EXPECT_EQ(session4.get(), cache.Lookup("key4").get()); - EXPECT_EQ(session3.get(), cache.Lookup("key3").get()); - EXPECT_EQ(session2.get(), cache.Lookup("key2").get()); + cache.Insert(MakeTestKey("key4"), bssl::UpRef(session4)); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(session4.get(), cache.Lookup(MakeTestKey("key4")).get()); + EXPECT_EQ(session3.get(), cache.Lookup(MakeTestKey("key3")).get()); + EXPECT_EQ(session2.get(), cache.Lookup(MakeTestKey("key2")).get()); EXPECT_EQ(3u, cache.size()); // Despite being newest, the next to be removed is session4 as it was accessed // least. recently. - cache.Insert("key1", bssl::UpRef(session1)); - EXPECT_EQ(session1.get(), cache.Lookup("key1").get()); - EXPECT_EQ(session2.get(), cache.Lookup("key2").get()); - EXPECT_EQ(session3.get(), cache.Lookup("key3").get()); - EXPECT_EQ(nullptr, cache.Lookup("key4").get()); + cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1)); + EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(session2.get(), cache.Lookup(MakeTestKey("key2")).get()); + EXPECT_EQ(session3.get(), cache.Lookup(MakeTestKey("key3")).get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key4")).get()); EXPECT_EQ(3u, cache.size()); } @@ -275,7 +283,7 @@ TEST_F(SSLClientSessionCacheTest, Expiration) { for (size_t i = 0; i < kNumEntries - 1; i++) { bssl::UniquePtr session = MakeTestSession(clock->Now(), kTimeout); - cache.Insert(base::NumberToString(i), bssl::UpRef(session)); + cache.Insert(MakeTestKey(base::NumberToString(i)), bssl::UpRef(session)); } EXPECT_EQ(kNumEntries - 1, cache.size()); @@ -283,7 +291,7 @@ TEST_F(SSLClientSessionCacheTest, Expiration) { clock->Advance(kTimeout * 2); bssl::UniquePtr session = MakeTestSession(clock->Now(), kTimeout); - cache.Insert("key", bssl::UpRef(session)); + cache.Insert(MakeTestKey("key"), bssl::UpRef(session)); // All entries are still in the cache. EXPECT_EQ(kNumEntries, cache.size()); @@ -291,18 +299,18 @@ TEST_F(SSLClientSessionCacheTest, Expiration) { // Perform one fewer lookup than needed to trigger the expiration check. This // shall not expire any session. for (size_t i = 0; i < kExpirationCheckCount - 1; i++) - cache.Lookup("key"); + cache.Lookup(MakeTestKey("key")); // All entries are still in the cache. EXPECT_EQ(kNumEntries, cache.size()); // Perform one more lookup. This will expire all sessions but the last one. - cache.Lookup("key"); + cache.Lookup(MakeTestKey("key")); EXPECT_EQ(1u, cache.size()); - EXPECT_EQ(session.get(), cache.Lookup("key").get()); + EXPECT_EQ(session.get(), cache.Lookup(MakeTestKey("key")).get()); for (size_t i = 0; i < kNumEntries - 1; i++) { SCOPED_TRACE(i); - EXPECT_EQ(nullptr, cache.Lookup(base::NumberToString(i))); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey(base::NumberToString(i)))); } } @@ -323,8 +331,8 @@ TEST_F(SSLClientSessionCacheTest, LookupExpirationCheck) { // Insert an entry into the session cache. bssl::UniquePtr session = MakeTestSession(clock->Now(), kTimeout); - cache.Insert("key", bssl::UpRef(session)); - EXPECT_EQ(session.get(), cache.Lookup("key").get()); + cache.Insert(MakeTestKey("key"), bssl::UpRef(session)); + EXPECT_EQ(session.get(), cache.Lookup(MakeTestKey("key")).get()); EXPECT_EQ(1u, cache.size()); // Expire the session. @@ -334,30 +342,30 @@ TEST_F(SSLClientSessionCacheTest, LookupExpirationCheck) { EXPECT_EQ(1u, cache.size()); // But it will not be returned on lookup and gets pruned at that point. - EXPECT_EQ(nullptr, cache.Lookup("key").get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key")).get()); EXPECT_EQ(0u, cache.size()); // Re-inserting a session does not refresh the lifetime. The expiration // information in the session is used. - cache.Insert("key", bssl::UpRef(session)); - EXPECT_EQ(nullptr, cache.Lookup("key").get()); + cache.Insert(MakeTestKey("key"), bssl::UpRef(session)); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key")).get()); EXPECT_EQ(0u, cache.size()); // Re-insert a fresh copy of the session. session = MakeTestSession(clock->Now(), kTimeout); - cache.Insert("key", bssl::UpRef(session)); - EXPECT_EQ(session.get(), cache.Lookup("key").get()); + cache.Insert(MakeTestKey("key"), bssl::UpRef(session)); + EXPECT_EQ(session.get(), cache.Lookup(MakeTestKey("key")).get()); EXPECT_EQ(1u, cache.size()); // Sessions also are treated as expired if the clock rewinds. clock->Advance(base::TimeDelta::FromSeconds(-2)); - EXPECT_EQ(nullptr, cache.Lookup("key").get()); + EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key")).get()); EXPECT_EQ(0u, cache.size()); } // Test that SSL cache is flushed on low memory notifications TEST_F(SSLClientSessionCacheTest, TestFlushOnMemoryNotifications) { - base::test::ScopedTaskEnvironment scoped_task_environment; + base::test::TaskEnvironment task_environment; // kExpirationCheckCount is set to a suitably large number so the automated // pruning never triggers. @@ -373,8 +381,8 @@ TEST_F(SSLClientSessionCacheTest, TestFlushOnMemoryNotifications) { // Insert an entry into the session cache. bssl::UniquePtr session1 = MakeTestSession(clock->Now(), kTimeout); - cache.Insert("key1", bssl::UpRef(session1)); - EXPECT_EQ(session1.get(), cache.Lookup("key1").get()); + cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1)); + EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get()); EXPECT_EQ(1u, cache.size()); // Expire the session. @@ -382,7 +390,7 @@ TEST_F(SSLClientSessionCacheTest, TestFlushOnMemoryNotifications) { // Add one more session. bssl::UniquePtr session2 = MakeTestSession(clock->Now(), kTimeout); - cache.Insert("key2", bssl::UpRef(session2)); + cache.Insert(MakeTestKey("key2"), bssl::UpRef(session2)); EXPECT_EQ(2u, cache.size()); // Fire a notification that will flush expired sessions. @@ -392,8 +400,8 @@ TEST_F(SSLClientSessionCacheTest, TestFlushOnMemoryNotifications) { // Expired session's cache should be flushed. // Lookup returns nullptr, when cache entry not found. - EXPECT_FALSE(cache.Lookup("key1")); - EXPECT_TRUE(cache.Lookup("key2")); + EXPECT_FALSE(cache.Lookup(MakeTestKey("key1"))); + EXPECT_TRUE(cache.Lookup(MakeTestKey("key2"))); EXPECT_EQ(1u, cache.size()); // Fire notification that will flush everything. @@ -403,6 +411,80 @@ TEST_F(SSLClientSessionCacheTest, TestFlushOnMemoryNotifications) { EXPECT_EQ(0u, cache.size()); } +TEST_F(SSLClientSessionCacheTest, FlushForServer) { + SSLClientSessionCache::Config config; + SSLClientSessionCache cache(config); + + const url::Origin kOriginA = url::Origin::Create(GURL("https://a.test")); + const url::Origin kOriginB = url::Origin::Create(GURL("https://b.test")); + + // Insert a number of cache entries. + SSLClientSessionCache::Key key1; + key1.server = HostPortPair("a.test", 443); + auto session1 = NewSSLSession(); + cache.Insert(key1, bssl::UpRef(session1)); + + SSLClientSessionCache::Key key2; + key2.server = HostPortPair("a.test", 443); + key2.dest_ip_addr = IPAddress::IPv4Localhost(); + key2.network_isolation_key = NetworkIsolationKey(kOriginB, kOriginB); + key2.privacy_mode = PRIVACY_MODE_ENABLED; + auto session2 = NewSSLSession(); + cache.Insert(key2, bssl::UpRef(session2)); + + SSLClientSessionCache::Key key3; + key3.server = HostPortPair("a.test", 444); + auto session3 = NewSSLSession(); + cache.Insert(key3, bssl::UpRef(session3)); + + SSLClientSessionCache::Key key4; + key4.server = HostPortPair("b.test", 443); + auto session4 = NewSSLSession(); + cache.Insert(key4, bssl::UpRef(session4)); + + SSLClientSessionCache::Key key5; + key5.server = HostPortPair("b.test", 443); + key5.network_isolation_key = NetworkIsolationKey(kOriginA, kOriginA); + auto session5 = NewSSLSession(); + cache.Insert(key5, bssl::UpRef(session5)); + + // Flush an unrelated server. The cache should be unaffected. + cache.FlushForServer(HostPortPair("c.test", 443)); + EXPECT_EQ(5u, cache.size()); + EXPECT_EQ(session1.get(), cache.Lookup(key1).get()); + EXPECT_EQ(session2.get(), cache.Lookup(key2).get()); + EXPECT_EQ(session3.get(), cache.Lookup(key3).get()); + EXPECT_EQ(session4.get(), cache.Lookup(key4).get()); + EXPECT_EQ(session5.get(), cache.Lookup(key5).get()); + + // Flush a.test:443. |key1| and |key2| should match, but not the others. + cache.FlushForServer(HostPortPair("a.test", 443)); + EXPECT_EQ(3u, cache.size()); + EXPECT_EQ(nullptr, cache.Lookup(key1).get()); + EXPECT_EQ(nullptr, cache.Lookup(key2).get()); + EXPECT_EQ(session3.get(), cache.Lookup(key3).get()); + EXPECT_EQ(session4.get(), cache.Lookup(key4).get()); + EXPECT_EQ(session5.get(), cache.Lookup(key5).get()); + + // Flush b.test:443. |key4| and |key5| match, but not |key3|. + cache.FlushForServer(HostPortPair("b.test", 443)); + EXPECT_EQ(1u, cache.size()); + EXPECT_EQ(nullptr, cache.Lookup(key1).get()); + EXPECT_EQ(nullptr, cache.Lookup(key2).get()); + EXPECT_EQ(session3.get(), cache.Lookup(key3).get()); + EXPECT_EQ(nullptr, cache.Lookup(key4).get()); + EXPECT_EQ(nullptr, cache.Lookup(key5).get()); + + // Flush the last host, a.test:444. + cache.FlushForServer(HostPortPair("a.test", 444)); + EXPECT_EQ(0u, cache.size()); + EXPECT_EQ(nullptr, cache.Lookup(key1).get()); + EXPECT_EQ(nullptr, cache.Lookup(key2).get()); + EXPECT_EQ(nullptr, cache.Lookup(key3).get()); + EXPECT_EQ(nullptr, cache.Lookup(key4).get()); + EXPECT_EQ(nullptr, cache.Lookup(key5).get()); +} + class SSLClientSessionCacheMemoryDumpTest : public SSLClientSessionCacheTest, public testing::WithParamInterface< @@ -424,12 +506,12 @@ TEST_P(SSLClientSessionCacheMemoryDumpTest, TestDumpMemoryStats) { bssl::UniquePtr session3 = NewSSLSession(); // Insert three entries. - cache.Insert("key1", bssl::UpRef(session1)); - cache.Insert("key2", bssl::UpRef(session2)); - cache.Insert("key3", bssl::UpRef(session3)); - EXPECT_EQ(session1.get(), cache.Lookup("key1").get()); - EXPECT_EQ(session2.get(), cache.Lookup("key2").get()); - EXPECT_EQ(session3.get(), cache.Lookup("key3").get()); + cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1)); + cache.Insert(MakeTestKey("key2"), bssl::UpRef(session2)); + cache.Insert(MakeTestKey("key3"), bssl::UpRef(session3)); + EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get()); + EXPECT_EQ(session2.get(), cache.Lookup(MakeTestKey("key2")).get()); + EXPECT_EQ(session3.get(), cache.Lookup(MakeTestKey("key3")).get()); EXPECT_EQ(3u, cache.size()); base::trace_event::MemoryDumpArgs dump_args = {GetParam()}; diff --git a/chromium/net/ssl/ssl_config.cc b/chromium/net/ssl/ssl_config.cc index 4b1ce4c24ed..3178d017c39 100644 --- a/chromium/net/ssl/ssl_config.cc +++ b/chromium/net/ssl/ssl_config.cc @@ -22,14 +22,10 @@ SSLConfig::CertAndStatus::CertAndStatus(const CertAndStatus& other) = default; SSLConfig::CertAndStatus::~CertAndStatus() = default; SSLConfig::SSLConfig() - : version_min(kDefaultSSLVersionMin), - version_max(kDefaultSSLVersionMax), - early_data_enabled(false), - false_start_enabled(true), + : early_data_enabled(false), require_ecdhe(false), ignore_certificate_errors(false), disable_cert_verification_network_fetches(false), - send_client_cert(false), renego_allowed_default(false), privacy_mode(PRIVACY_MODE_DISABLED) {} diff --git a/chromium/net/ssl/ssl_config.h b/chromium/net/ssl/ssl_config.h index 44ea9fb18ad..11f360bc57c 100644 --- a/chromium/net/ssl/ssl_config.h +++ b/chromium/net/ssl/ssl_config.h @@ -8,6 +8,7 @@ #include #include "base/memory/ref_counted.h" +#include "base/optional.h" #include "net/base/net_export.h" #include "net/base/network_isolation_key.h" #include "net/base/privacy_mode.h" @@ -54,12 +55,11 @@ struct NET_EXPORT SSLConfig { // configuration. int GetCertVerifyFlags() const; - // The minimum and maximum protocol versions that are enabled. - // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined above.) - // SSL 2.0 and SSL 3.0 are not supported. If version_max < version_min, it - // means no protocol versions are enabled. - uint16_t version_min; - uint16_t version_max; + // If specified, the minimum and maximum protocol versions that are enabled. + // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined above.) If + // unspecified, values from the SSLConfigService are used. + base::Optional version_min_override; + base::Optional version_max_override; // Whether early data is enabled on this connection. Note that early data has // weaker security properties than normal data and changes the @@ -75,18 +75,6 @@ struct NET_EXPORT SSLConfig { // If unsure, do not enable this option. bool early_data_enabled; - // Presorted list of cipher suites which should be explicitly prevented from - // being used in addition to those disabled by the net built-in policy. - // - // Though cipher suites are sent in TLS as "uint8_t CipherSuite[2]", in - // big-endian form, they should be declared in host byte order, with the - // first uint8_t occupying the most significant byte. - // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to - // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. - std::vector disabled_cipher_suites; - - bool false_start_enabled; // True if we'll use TLS False Start. - // If true, causes only ECDHE cipher suites to be enabled. bool require_ecdhe; @@ -120,9 +108,6 @@ struct NET_EXPORT SSLConfig { // deadlock. bool disable_cert_verification_network_fetches; - // True if we should send client_cert to the server. - bool send_client_cert; - // The list of application level protocols supported with ALPN (Application // Layer Protocol Negotiation), in decreasing order of preference. Protocols // will be advertised in this order during TLS handshake. @@ -135,9 +120,6 @@ struct NET_EXPORT SSLConfig { // The list of application-level protocols to enable renegotiation for. NextProtoVector renego_allowed_for_protos; - scoped_refptr client_cert; - scoped_refptr client_private_key; - // If the PartitionSSLSessionsByNetworkIsolationKey feature is enabled, the // session cache is partitioned by this value. NetworkIsolationKey network_isolation_key; diff --git a/chromium/net/ssl/ssl_config_service.cc b/chromium/net/ssl/ssl_config_service.cc index 3abd32898ca..a35d6b0a0b8 100644 --- a/chromium/net/ssl/ssl_config_service.cc +++ b/chromium/net/ssl/ssl_config_service.cc @@ -12,19 +12,26 @@ namespace net { namespace { -// Checks if the config-service managed fields in two SSLConfigs are the same. -bool SSLConfigsAreEqual(const net::SSLConfig& config1, - const net::SSLConfig& config2) { +// Checks if the config-service managed fields in two SSLContextConfigs are the +// same. +bool SSLContextConfigsAreEqual(const net::SSLContextConfig& config1, + const net::SSLContextConfig& config2) { return std::tie(config1.version_min, config1.version_max, - config1.disabled_cipher_suites, config1.false_start_enabled, - config1.require_ecdhe) == + config1.disabled_cipher_suites) == std::tie(config2.version_min, config2.version_max, - config2.disabled_cipher_suites, config2.false_start_enabled, - config2.require_ecdhe); + config2.disabled_cipher_suites); } } // namespace +SSLContextConfig::SSLContextConfig() = default; +SSLContextConfig::SSLContextConfig(const SSLContextConfig&) = default; +SSLContextConfig::SSLContextConfig(SSLContextConfig&&) = default; +SSLContextConfig::~SSLContextConfig() = default; +SSLContextConfig& SSLContextConfig::operator=(const SSLContextConfig&) = + default; +SSLContextConfig& SSLContextConfig::operator=(SSLContextConfig&&) = default; + SSLConfigService::SSLConfigService() : observer_list_(base::ObserverListPolicy::EXISTING_ONLY) {} @@ -38,23 +45,23 @@ void SSLConfigService::RemoveObserver(Observer* observer) { observer_list_.RemoveObserver(observer); } -void SSLConfigService::NotifySSLConfigChange() { +void SSLConfigService::NotifySSLContextConfigChange() { for (auto& observer : observer_list_) - observer.OnSSLConfigChanged(); + observer.OnSSLContextConfigChanged(); } -bool SSLConfigService::SSLConfigsAreEqualForTesting( - const net::SSLConfig& config1, - const net::SSLConfig& config2) { - return SSLConfigsAreEqual(config1, config2); +bool SSLConfigService::SSLContextConfigsAreEqualForTesting( + const SSLContextConfig& config1, + const SSLContextConfig& config2) { + return SSLContextConfigsAreEqual(config1, config2); } -void SSLConfigService::ProcessConfigUpdate(const SSLConfig& old_config, - const SSLConfig& new_config, +void SSLConfigService::ProcessConfigUpdate(const SSLContextConfig& old_config, + const SSLContextConfig& new_config, bool force_notification) { // Do nothing if the configuration hasn't changed. - if (!SSLConfigsAreEqual(old_config, new_config) || force_notification) - NotifySSLConfigChange(); + if (!SSLContextConfigsAreEqual(old_config, new_config) || force_notification) + NotifySSLContextConfigChange(); } } // namespace net diff --git a/chromium/net/ssl/ssl_config_service.h b/chromium/net/ssl/ssl_config_service.h index 9136a653c6f..73c7080bcd8 100644 --- a/chromium/net/ssl/ssl_config_service.h +++ b/chromium/net/ssl/ssl_config_service.h @@ -14,7 +14,33 @@ namespace net { -// The interface for retrieving the SSL configuration. This interface +struct NET_EXPORT SSLContextConfig { + SSLContextConfig(); + SSLContextConfig(const SSLContextConfig&); + SSLContextConfig(SSLContextConfig&&); + ~SSLContextConfig(); + SSLContextConfig& operator=(const SSLContextConfig&); + SSLContextConfig& operator=(SSLContextConfig&&); + + // The minimum and maximum protocol versions that are enabled. + // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined in ssl_config.h.) + // SSL 2.0 and SSL 3.0 are not supported. If version_max < version_min, it + // means no protocol versions are enabled. + uint16_t version_min = kDefaultSSLVersionMin; + uint16_t version_max = kDefaultSSLVersionMax; + + // Presorted list of cipher suites which should be explicitly prevented from + // being used in addition to those disabled by the net built-in policy. + // + // Though cipher suites are sent in TLS as "uint8_t CipherSuite[2]", in + // big-endian form, they should be declared in host byte order, with the + // first uint8_t occupying the most significant byte. + // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to + // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. + std::vector disabled_cipher_suites; +}; + +// The interface for retrieving global SSL configuration. This interface // does not cover setting the SSL configuration, as on some systems, the // SSLConfigService objects may not have direct access to the configuration, or // live longer than the configuration preferences. @@ -23,15 +49,8 @@ class NET_EXPORT SSLConfigService { // Observer is notified when SSL config settings have changed. class NET_EXPORT Observer { public: - // Notify observers if SSL settings have changed. We don't check all of the - // data in SSLConfig, just those that qualify as a user config change. - // The following settings are considered user changes: - // version_min - // version_max - // disabled_cipher_suites - // false_start_enabled - // require_ecdhe - virtual void OnSSLConfigChanged() = 0; + // Notify observers if SSL settings have changed. + virtual void OnSSLContextConfigChanged() = 0; protected: virtual ~Observer() {} @@ -41,7 +60,7 @@ class NET_EXPORT SSLConfigService { virtual ~SSLConfigService(); // May not be thread-safe, should only be called on the IO thread. - virtual void GetSSLConfig(SSLConfig* config) = 0; + virtual SSLContextConfig GetSSLContextConfig() = 0; // Returns true if connections to |hostname| can reuse, or are permitted to // reuse, connections on which a client cert has been negotiated. Note that @@ -75,20 +94,22 @@ class NET_EXPORT SSLConfigService { // Remove an observer of this service. void RemoveObserver(Observer* observer); - // Calls the OnSSLConfigChanged method of registered observers. Should only be - // called on the IO thread. - void NotifySSLConfigChange(); + // Calls the OnSSLContextConfigChanged method of registered observers. Should + // only be called on the IO thread. + void NotifySSLContextConfigChange(); - // Checks if the config-service managed fields in two SSLConfigs are the same. - static bool SSLConfigsAreEqualForTesting(const net::SSLConfig& config1, - const net::SSLConfig& config2); + // Checks if the config-service managed fields in two SSLContextConfigs are + // the same. + static bool SSLContextConfigsAreEqualForTesting( + const SSLContextConfig& config1, + const SSLContextConfig& config2); protected: // Process before/after config update. If |force_notification| is true, - // NotifySSLConfigChange will be called regardless of whether |orig_config| - // and |new_config| are equal. - void ProcessConfigUpdate(const SSLConfig& orig_config, - const SSLConfig& new_config, + // NotifySSLContextConfigChange will be called regardless of whether + // |orig_config| and |new_config| are equal. + void ProcessConfigUpdate(const SSLContextConfig& orig_config, + const SSLContextConfig& new_config, bool force_notification); private: diff --git a/chromium/net/ssl/ssl_config_service_defaults.cc b/chromium/net/ssl/ssl_config_service_defaults.cc index f594f71a00d..9348bb16489 100644 --- a/chromium/net/ssl/ssl_config_service_defaults.cc +++ b/chromium/net/ssl/ssl_config_service_defaults.cc @@ -9,8 +9,8 @@ namespace net { SSLConfigServiceDefaults::SSLConfigServiceDefaults() = default; SSLConfigServiceDefaults::~SSLConfigServiceDefaults() = default; -void SSLConfigServiceDefaults::GetSSLConfig(SSLConfig* config) { - *config = default_config_; +SSLContextConfig SSLConfigServiceDefaults::GetSSLContextConfig() { + return default_config_; } bool SSLConfigServiceDefaults::CanShareConnectionWithClientCerts( diff --git a/chromium/net/ssl/ssl_config_service_defaults.h b/chromium/net/ssl/ssl_config_service_defaults.h index ae7c4776623..ab5bb4bc448 100644 --- a/chromium/net/ssl/ssl_config_service_defaults.h +++ b/chromium/net/ssl/ssl_config_service_defaults.h @@ -19,15 +19,15 @@ class NET_EXPORT SSLConfigServiceDefaults : public SSLConfigService { SSLConfigServiceDefaults(); ~SSLConfigServiceDefaults() override; - // Store default SSL config settings in |config|. - void GetSSLConfig(SSLConfig* config) override; + // Returns the default SSL config settings. + SSLContextConfig GetSSLContextConfig() override; bool CanShareConnectionWithClientCerts( const std::string& hostname) const override; private: // Default value of prefs. - const SSLConfig default_config_; + const SSLContextConfig default_config_; DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceDefaults); }; diff --git a/chromium/net/ssl/ssl_config_service_unittest.cc b/chromium/net/ssl/ssl_config_service_unittest.cc index 4763a7b6476..15d06cc5678 100644 --- a/chromium/net/ssl/ssl_config_service_unittest.cc +++ b/chromium/net/ssl/ssl_config_service_unittest.cc @@ -15,21 +15,22 @@ namespace { class MockSSLConfigService : public SSLConfigService { public: - explicit MockSSLConfigService(const SSLConfig& config) : config_(config) {} + explicit MockSSLConfigService(const SSLContextConfig& config) + : config_(config) {} ~MockSSLConfigService() override = default; // SSLConfigService implementation - void GetSSLConfig(SSLConfig* config) override { *config = config_; } + SSLContextConfig GetSSLContextConfig() override { return config_; } bool CanShareConnectionWithClientCerts( const std::string& hostname) const override { return false; } - // Sets the SSLConfig to be returned by GetSSLConfig and processes any - // updates. - void SetSSLConfig(const SSLConfig& config) { - SSLConfig old_config = config_; + // Sets the SSLContextConfig to be returned by GetSSLContextConfig and + // processes any updates. + void SetSSLContextConfig(const SSLContextConfig& config) { + SSLContextConfig old_config = config_; config_ = config; ProcessConfigUpdate(old_config, config_, /*force_notification*/ false); } @@ -37,7 +38,7 @@ class MockSSLConfigService : public SSLConfigService { using SSLConfigService::ProcessConfigUpdate; private: - SSLConfig config_; + SSLContextConfig config_; }; class MockSSLConfigServiceObserver : public SSLConfigService::Observer { @@ -45,14 +46,13 @@ class MockSSLConfigServiceObserver : public SSLConfigService::Observer { MockSSLConfigServiceObserver() = default; ~MockSSLConfigServiceObserver() override = default; - MOCK_METHOD0(OnSSLConfigChanged, void()); + MOCK_METHOD0(OnSSLContextConfigChanged, void()); }; } // namespace TEST(SSLConfigServiceTest, NoChangesWontNotifyObservers) { - SSLConfig initial_config; - initial_config.false_start_enabled = false; + SSLContextConfig initial_config; initial_config.version_min = SSL_PROTOCOL_VERSION_TLS1; initial_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2; @@ -60,15 +60,14 @@ TEST(SSLConfigServiceTest, NoChangesWontNotifyObservers) { MockSSLConfigServiceObserver observer; mock_service.AddObserver(&observer); - EXPECT_CALL(observer, OnSSLConfigChanged()).Times(0); - mock_service.SetSSLConfig(initial_config); + EXPECT_CALL(observer, OnSSLContextConfigChanged()).Times(0); + mock_service.SetSSLContextConfig(initial_config); mock_service.RemoveObserver(&observer); } TEST(SSLConfigServiceTest, ForceNotificationNotifiesObservers) { - SSLConfig initial_config; - initial_config.false_start_enabled = false; + SSLContextConfig initial_config; initial_config.version_min = SSL_PROTOCOL_VERSION_TLS1; initial_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2; @@ -76,16 +75,14 @@ TEST(SSLConfigServiceTest, ForceNotificationNotifiesObservers) { MockSSLConfigServiceObserver observer; mock_service.AddObserver(&observer); - EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1); + EXPECT_CALL(observer, OnSSLContextConfigChanged()).Times(1); mock_service.ProcessConfigUpdate(initial_config, initial_config, true); mock_service.RemoveObserver(&observer); } TEST(SSLConfigServiceTest, ConfigUpdatesNotifyObservers) { - SSLConfig initial_config; - initial_config.false_start_enabled = false; - initial_config.require_ecdhe = false; + SSLContextConfig initial_config; initial_config.version_min = SSL_PROTOCOL_VERSION_TLS1; initial_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2; @@ -93,23 +90,14 @@ TEST(SSLConfigServiceTest, ConfigUpdatesNotifyObservers) { MockSSLConfigServiceObserver observer; mock_service.AddObserver(&observer); - // Test that the basic boolean preferences trigger updates. - initial_config.false_start_enabled = true; - EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1); - mock_service.SetSSLConfig(initial_config); - - initial_config.require_ecdhe = true; - EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1); - mock_service.SetSSLConfig(initial_config); - // Test that changing the SSL version range triggers updates. initial_config.version_min = SSL_PROTOCOL_VERSION_TLS1_1; - EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1); - mock_service.SetSSLConfig(initial_config); + EXPECT_CALL(observer, OnSSLContextConfigChanged()).Times(1); + mock_service.SetSSLContextConfig(initial_config); initial_config.version_max = SSL_PROTOCOL_VERSION_TLS1_1; - EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1); - mock_service.SetSSLConfig(initial_config); + EXPECT_CALL(observer, OnSSLContextConfigChanged()).Times(1); + mock_service.SetSSLContextConfig(initial_config); // Test that disabling certain cipher suites triggers an update. std::vector disabled_ciphers; @@ -117,22 +105,22 @@ TEST(SSLConfigServiceTest, ConfigUpdatesNotifyObservers) { disabled_ciphers.push_back(0xBEEFu); disabled_ciphers.push_back(0xDEADu); initial_config.disabled_cipher_suites = disabled_ciphers; - EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1); - mock_service.SetSSLConfig(initial_config); + EXPECT_CALL(observer, OnSSLContextConfigChanged()).Times(1); + mock_service.SetSSLContextConfig(initial_config); // Ensure that changing a disabled cipher suite, while still maintaining // sorted order, triggers an update. disabled_ciphers[1] = 0xCAFEu; initial_config.disabled_cipher_suites = disabled_ciphers; - EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1); - mock_service.SetSSLConfig(initial_config); + EXPECT_CALL(observer, OnSSLContextConfigChanged()).Times(1); + mock_service.SetSSLContextConfig(initial_config); // Ensure that removing a disabled cipher suite, while still keeping some // cipher suites disabled, triggers an update. disabled_ciphers.pop_back(); initial_config.disabled_cipher_suites = disabled_ciphers; - EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1); - mock_service.SetSSLConfig(initial_config); + EXPECT_CALL(observer, OnSSLContextConfigChanged()).Times(1); + mock_service.SetSSLContextConfig(initial_config); mock_service.RemoveObserver(&observer); } diff --git a/chromium/net/ssl/ssl_info.h b/chromium/net/ssl/ssl_info.h index f68ece8d7f3..63376ad7c1b 100644 --- a/chromium/net/ssl/ssl_info.h +++ b/chromium/net/ssl/ssl_info.h @@ -133,6 +133,11 @@ class NET_EXPORT SSLInfo { // True if there was a certificate error which should be treated as fatal, // and false otherwise. bool is_fatal_cert_error = false; + + // Indicates if the server connected to signaled that it is part of a + // post-quantum experiment. I.e. it would have negotiated CECPQ2 or CECPQ2b + // key exchanges if they were requested. + bool server_in_post_quantum_experiment = false; }; } // namespace net diff --git a/chromium/net/ssl/ssl_key_logger_impl.cc b/chromium/net/ssl/ssl_key_logger_impl.cc index a759feefcf0..8cc565be32a 100644 --- a/chromium/net/ssl/ssl_key_logger_impl.cc +++ b/chromium/net/ssl/ssl_key_logger_impl.cc @@ -7,6 +7,7 @@ #include #include +#include #include "base/bind.h" #include "base/files/file_util.h" @@ -42,8 +43,15 @@ class SSLKeyLoggerImpl::Core // waiting to flush these to disk, but some buggy antiviruses point this at // a pipe and hang, so we avoid blocking shutdown. If writing to a real // file, writes should complete quickly enough that this does not matter. - task_runner_ = base::CreateSequencedTaskRunnerWithTraits( - {base::MayBlock(), base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN}); + task_runner_ = base::CreateSequencedTaskRunner( + {base::ThreadPool(), base::MayBlock(), + base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN}); + } + + void SetFile(base::File file) { + file_.reset(base::FileToFILE(std::move(file), "a")); + if (!file_) + DVLOG(1) << "Could not adopt file"; } void OpenFile(const base::FilePath& path) { @@ -76,7 +84,7 @@ class SSLKeyLoggerImpl::Core DCHECK(!file_); file_.reset(base::OpenFile(path, "a")); if (!file_) - LOG(WARNING) << "Could not open " << path.value(); + DVLOG(1) << "Could not open " << path.value(); } void Flush() { @@ -113,10 +121,15 @@ class SSLKeyLoggerImpl::Core }; SSLKeyLoggerImpl::SSLKeyLoggerImpl(const base::FilePath& path) - : core_(new Core) { + : core_(base::MakeRefCounted()) { core_->OpenFile(path); } +SSLKeyLoggerImpl::SSLKeyLoggerImpl(base::File file) + : core_(base::MakeRefCounted()) { + core_->SetFile(std::move(file)); +} + SSLKeyLoggerImpl::~SSLKeyLoggerImpl() = default; void SSLKeyLoggerImpl::WriteLine(const std::string& line) { diff --git a/chromium/net/ssl/ssl_key_logger_impl.h b/chromium/net/ssl/ssl_key_logger_impl.h index 61ae0d9170f..87f1a6be069 100644 --- a/chromium/net/ssl/ssl_key_logger_impl.h +++ b/chromium/net/ssl/ssl_key_logger_impl.h @@ -8,6 +8,7 @@ #include #include +#include "base/files/file.h" #include "base/macros.h" #include "base/memory/scoped_refptr.h" #include "net/base/net_export.h" @@ -26,6 +27,11 @@ class NET_EXPORT SSLKeyLoggerImpl : public SSLKeyLogger { // Creates a new SSLKeyLoggerImpl which writes to |path|, scheduling write // operations in the background. explicit SSLKeyLoggerImpl(const base::FilePath& path); + + // Creates a new SSLKeyLoggerImpl which writes to |file|, scheduling write + // operations in the background. + explicit SSLKeyLoggerImpl(base::File file); + ~SSLKeyLoggerImpl() override; void WriteLine(const std::string& line) override; diff --git a/chromium/net/ssl/ssl_platform_key_android_unittest.cc b/chromium/net/ssl/ssl_platform_key_android_unittest.cc index a09ebc23c54..2991098a29d 100644 --- a/chromium/net/ssl/ssl_platform_key_android_unittest.cc +++ b/chromium/net/ssl/ssl_platform_key_android_unittest.cc @@ -18,7 +18,7 @@ #include "net/ssl/ssl_private_key_test_util.h" #include "net/test/cert_test_util.h" #include "net/test/test_data_directory.h" -#include "net/test/test_with_scoped_task_environment.h" +#include "net/test/test_with_task_environment.h" #include "testing/gtest/include/gtest/gtest.h" #include "third_party/boringssl/src/include/openssl/ssl.h" @@ -75,7 +75,7 @@ std::string TestKeyToString(const testing::TestParamInfo& params) { } // namespace class SSLPlatformKeyAndroidTest : public testing::TestWithParam, - public WithScopedTaskEnvironment {}; + public WithTaskEnvironment {}; TEST_P(SSLPlatformKeyAndroidTest, Matches) { const TestKey& test_key = GetParam(); diff --git a/chromium/net/ssl/ssl_platform_key_mac_unittest.cc b/chromium/net/ssl/ssl_platform_key_mac_unittest.cc index dadc1463ef1..26c03d1bd93 100644 --- a/chromium/net/ssl/ssl_platform_key_mac_unittest.cc +++ b/chromium/net/ssl/ssl_platform_key_mac_unittest.cc @@ -12,7 +12,7 @@ #include "base/files/file_util.h" #include "base/mac/scoped_cftyperef.h" #include "base/memory/ref_counted.h" -#include "base/test/scoped_task_environment.h" +#include "base/test/task_environment.h" #include "net/ssl/ssl_private_key.h" #include "net/ssl/ssl_private_key_test_util.h" #include "net/test/cert_test_util.h" @@ -48,7 +48,7 @@ std::string TestKeyToString(const testing::TestParamInfo& params) { class SSLPlatformKeyMacTest : public testing::TestWithParam {}; TEST_P(SSLPlatformKeyMacTest, KeyMatches) { - base::test::ScopedTaskEnvironment scoped_task_environment; + base::test::TaskEnvironment task_environment; const TestKey& test_key = GetParam(); diff --git a/chromium/net/ssl/ssl_platform_key_nss_unittest.cc b/chromium/net/ssl/ssl_platform_key_nss_unittest.cc index d215c228b53..4198579ffd1 100644 --- a/chromium/net/ssl/ssl_platform_key_nss_unittest.cc +++ b/chromium/net/ssl/ssl_platform_key_nss_unittest.cc @@ -25,7 +25,7 @@ #include "net/ssl/ssl_private_key_test_util.h" #include "net/test/cert_test_util.h" #include "net/test/test_data_directory.h" -#include "net/test/test_with_scoped_task_environment.h" +#include "net/test/test_with_task_environment.h" #include "testing/gtest/include/gtest/gtest.h" #include "third_party/boringssl/src/include/openssl/bytestring.h" #include "third_party/boringssl/src/include/openssl/ec.h" @@ -59,7 +59,7 @@ std::string TestKeyToString(const testing::TestParamInfo& params) { } // namespace class SSLPlatformKeyNSSTest : public testing::TestWithParam, - public WithScopedTaskEnvironment {}; + public WithTaskEnvironment {}; TEST_P(SSLPlatformKeyNSSTest, KeyMatches) { const TestKey& test_key = GetParam(); diff --git a/chromium/net/ssl/ssl_platform_key_win_unittest.cc b/chromium/net/ssl/ssl_platform_key_win_unittest.cc index 0abf9337a80..bcebd20e96e 100644 --- a/chromium/net/ssl/ssl_platform_key_win_unittest.cc +++ b/chromium/net/ssl/ssl_platform_key_win_unittest.cc @@ -9,14 +9,14 @@ #include "base/files/file_path.h" #include "base/files/file_util.h" -#include "base/test/scoped_task_environment.h" +#include "base/test/task_environment.h" #include "crypto/scoped_capi_types.h" #include "net/cert/x509_certificate.h" #include "net/ssl/ssl_private_key.h" #include "net/ssl/ssl_private_key_test_util.h" #include "net/test/cert_test_util.h" #include "net/test/test_data_directory.h" -#include "net/test/test_with_scoped_task_environment.h" +#include "net/test/test_with_task_environment.h" #include "testing/gtest/include/gtest/gtest.h" #include "third_party/boringssl/src/include/openssl/bn.h" #include "third_party/boringssl/src/include/openssl/bytestring.h" @@ -223,7 +223,7 @@ bool PKCS8ToBLOBForCNG(const std::string& pkcs8, } // namespace class SSLPlatformKeyCNGTest : public testing::TestWithParam, - public WithScopedTaskEnvironment {}; + public WithTaskEnvironment {}; TEST_P(SSLPlatformKeyCNGTest, KeyMatches) { const TestKey& test_key = GetParam(); @@ -274,7 +274,7 @@ INSTANTIATE_TEST_SUITE_P(, TestKeyToString); TEST(SSLPlatformKeyCAPITest, KeyMatches) { - base::test::ScopedTaskEnvironment scoped_task_environment; + base::test::TaskEnvironment task_environment; // Load test data. scoped_refptr cert = diff --git a/chromium/net/ssl/test_ssl_config_service.cc b/chromium/net/ssl/test_ssl_config_service.cc new file mode 100644 index 00000000000..1d11fe7c9ec --- /dev/null +++ b/chromium/net/ssl/test_ssl_config_service.cc @@ -0,0 +1,29 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/ssl/test_ssl_config_service.h" + +namespace net { + +TestSSLConfigService::TestSSLConfigService(const SSLContextConfig& config) + : config_(config) {} + +TestSSLConfigService::~TestSSLConfigService() = default; + +SSLContextConfig TestSSLConfigService::GetSSLContextConfig() { + return config_; +} + +bool TestSSLConfigService::CanShareConnectionWithClientCerts( + const std::string& hostname) const { + return false; +} + +void TestSSLConfigService::UpdateSSLConfigAndNotify( + const SSLContextConfig& config) { + config_ = config; + NotifySSLContextConfigChange(); +} + +} // namespace net diff --git a/chromium/net/ssl/test_ssl_config_service.h b/chromium/net/ssl/test_ssl_config_service.h new file mode 100644 index 00000000000..cd7b04e5d32 --- /dev/null +++ b/chromium/net/ssl/test_ssl_config_service.h @@ -0,0 +1,29 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_SSL_TEST_SSL_CONFIG_SERVICE_H_ +#define NET_SSL_TEST_SSL_CONFIG_SERVICE_H_ + +#include "net/ssl/ssl_config_service.h" + +namespace net { + +class TestSSLConfigService : public SSLConfigService { + public: + explicit TestSSLConfigService(const SSLContextConfig& config); + ~TestSSLConfigService() override; + + void UpdateSSLConfigAndNotify(const SSLContextConfig& config); + + SSLContextConfig GetSSLContextConfig() override; + bool CanShareConnectionWithClientCerts( + const std::string& hostname) const override; + + private: + SSLContextConfig config_; +}; + +} // namespace net + +#endif // NET_SSL_TEST_SSL_CONFIG_SERVICE_H_ -- cgit v1.2.1