summaryrefslogtreecommitdiffstats
path: root/security/nss/gtests/ssl_gtest/tls_agent.cc
diff options
context:
space:
mode:
authorJustOff <Off.Just.Off@gmail.com>2018-06-09 15:11:22 +0300
committerJustOff <Off.Just.Off@gmail.com>2018-06-11 16:42:50 +0300
commitf83f62e1bff0c2aedc32e67fe369ba923c5b104a (patch)
treefbb69e76754552dde5c3c5d4fe928ed9693f601a /security/nss/gtests/ssl_gtest/tls_agent.cc
parent75323087aea91719bbb4f766bc6298d0618f0163 (diff)
downloadUXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.tar
UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.tar.gz
UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.tar.lz
UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.tar.xz
UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.zip
Update NSS to 3.36.4-RTM
Diffstat (limited to 'security/nss/gtests/ssl_gtest/tls_agent.cc')
-rw-r--r--security/nss/gtests/ssl_gtest/tls_agent.cc53
1 files changed, 52 insertions, 1 deletions
diff --git a/security/nss/gtests/ssl_gtest/tls_agent.cc b/security/nss/gtests/ssl_gtest/tls_agent.cc
index 3b939bba8..2f71caedb 100644
--- a/security/nss/gtests/ssl_gtest/tls_agent.cc
+++ b/security/nss/gtests/ssl_gtest/tls_agent.cc
@@ -12,6 +12,7 @@
#include "sslerr.h"
#include "sslexp.h"
#include "sslproto.h"
+#include "tls_filter.h"
#include "tls_parser.h"
extern "C" {
@@ -66,6 +67,7 @@ TlsAgent::TlsAgent(const std::string& name, Role role,
expected_sent_alert_(kTlsAlertCloseNotify),
expected_sent_alert_level_(kTlsAlertWarning),
handshake_callback_called_(false),
+ resumption_callback_called_(false),
error_code_(0),
send_ctr_(0),
recv_ctr_(0),
@@ -73,7 +75,8 @@ TlsAgent::TlsAgent(const std::string& name, Role role,
handshake_callback_(),
auth_certificate_callback_(),
sni_callback_(),
- skip_version_checks_(false) {
+ skip_version_checks_(false),
+ resumption_token_() {
memset(&info_, 0, sizeof(info_));
memset(&csinfo_, 0, sizeof(csinfo_));
SECStatus rv = SSL_VersionRangeGetDefault(variant_, &vrange_);
@@ -182,6 +185,10 @@ bool TlsAgent::EnsureTlsSetup(PRFileDesc* modelSocket) {
ScopedCERTCertList anchors(CERT_NewCertList());
rv = SSL_SetTrustAnchors(ssl_fd(), anchors.get());
if (rv != SECSuccess) return false;
+
+ rv = SSL_SetMaxEarlyDataSize(ssl_fd(), 1024);
+ EXPECT_EQ(SECSuccess, rv);
+ if (rv != SECSuccess) return false;
} else {
rv = SSL_SetURL(ssl_fd(), "server");
EXPECT_EQ(SECSuccess, rv);
@@ -207,6 +214,29 @@ bool TlsAgent::EnsureTlsSetup(PRFileDesc* modelSocket) {
return true;
}
+bool TlsAgent::MaybeSetResumptionToken() {
+ if (!resumption_token_.empty()) {
+ SECStatus rv = SSL_SetResumptionToken(ssl_fd(), resumption_token_.data(),
+ resumption_token_.size());
+
+ // rv is SECFailure with error set to SSL_ERROR_BAD_RESUMPTION_TOKEN_ERROR
+ // if the resumption token was bad (expired/malformed/etc.).
+ if (expect_resumption_) {
+ // Only in case we expect resumption this has to be successful. We might
+ // not expect resumption due to some reason but the token is totally fine.
+ EXPECT_EQ(SECSuccess, rv);
+ }
+ if (rv != SECSuccess) {
+ EXPECT_EQ(SSL_ERROR_BAD_RESUMPTION_TOKEN_ERROR, PORT_GetError());
+ resumption_token_.clear();
+ EXPECT_FALSE(expect_resumption_);
+ if (expect_resumption_) return false;
+ }
+ }
+
+ return true;
+}
+
void TlsAgent::SetupClientAuth() {
EXPECT_TRUE(EnsureTlsSetup());
ASSERT_EQ(CLIENT, role_);
@@ -386,6 +416,27 @@ void TlsAgent::SetVersionRange(uint16_t minver, uint16_t maxver) {
}
}
+SECStatus ResumptionTokenCallback(PRFileDesc* fd,
+ const PRUint8* resumptionToken,
+ unsigned int len, void* ctx) {
+ EXPECT_NE(nullptr, resumptionToken);
+ if (!resumptionToken) {
+ return SECFailure;
+ }
+
+ std::vector<uint8_t> new_token(resumptionToken, resumptionToken + len);
+ reinterpret_cast<TlsAgent*>(ctx)->SetResumptionToken(new_token);
+ reinterpret_cast<TlsAgent*>(ctx)->SetResumptionCallbackCalled();
+ return SECSuccess;
+}
+
+void TlsAgent::SetResumptionTokenCallback() {
+ EXPECT_TRUE(EnsureTlsSetup());
+ SECStatus rv =
+ SSL_SetResumptionTokenCallback(ssl_fd(), ResumptionTokenCallback, this);
+ EXPECT_EQ(SECSuccess, rv);
+}
+
void TlsAgent::GetVersionRange(uint16_t* minver, uint16_t* maxver) {
*minver = vrange_.min;
*maxver = vrange_.max;