diff options
author | Moonchild <mcwerewolf@gmail.com> | 2018-06-12 00:58:35 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-06-12 00:58:35 +0200 |
commit | b0f5f9bc6bb3c8b5ab7b5120dbf7ec48f8445387 (patch) | |
tree | 40d946c5ff23b3c0c09558f478cc68e87cc71448 /security/nss/gtests/ssl_gtest/ssl_version_unittest.cc | |
parent | b1d82a62259c6888ea6f3f71f3e0973ea4b4e85e (diff) | |
parent | 505a561549b5226fd3c7905eaa61fe787dfad243 (diff) | |
download | UXP-b0f5f9bc6bb3c8b5ab7b5120dbf7ec48f8445387.tar UXP-b0f5f9bc6bb3c8b5ab7b5120dbf7ec48f8445387.tar.gz UXP-b0f5f9bc6bb3c8b5ab7b5120dbf7ec48f8445387.tar.lz UXP-b0f5f9bc6bb3c8b5ab7b5120dbf7ec48f8445387.tar.xz UXP-b0f5f9bc6bb3c8b5ab7b5120dbf7ec48f8445387.zip |
Merge pull request #477 from JustOff/PR_nss-3.36
Update NSS/NSPR to 3.36.4/4.19
Diffstat (limited to 'security/nss/gtests/ssl_gtest/ssl_version_unittest.cc')
-rw-r--r-- | security/nss/gtests/ssl_gtest/ssl_version_unittest.cc | 39 |
1 files changed, 15 insertions, 24 deletions
diff --git a/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc index 9db293b07..4e9099561 100644 --- a/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc @@ -56,18 +56,15 @@ TEST_P(TlsConnectGeneric, ServerNegotiateTls12) { // two validate that we can also detect fallback using the // SSL_SetDowngradeCheckVersion() API. TEST_F(TlsConnectTest, TestDowngradeDetectionToTls11) { - client_->SetPacketFilter( - std::make_shared<TlsInspectorClientHelloVersionSetter>( - SSL_LIBRARY_VERSION_TLS_1_1)); + MakeTlsFilter<TlsClientHelloVersionSetter>(client_, + SSL_LIBRARY_VERSION_TLS_1_1); ConnectExpectFail(); ASSERT_EQ(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, client_->error_code()); } /* Attempt to negotiate the bogus DTLS 1.1 version. */ TEST_F(DtlsConnectTest, TestDtlsVersion11) { - client_->SetPacketFilter( - std::make_shared<TlsInspectorClientHelloVersionSetter>( - ((~0x0101) & 0xffff))); + MakeTlsFilter<TlsClientHelloVersionSetter>(client_, ((~0x0101) & 0xffff)); ConnectExpectFail(); // It's kind of surprising that SSL_ERROR_NO_CYPHER_OVERLAP is // what is returned here, but this is deliberate in ssl3_HandleAlert(). @@ -78,9 +75,8 @@ TEST_F(DtlsConnectTest, TestDtlsVersion11) { // Disabled as long as we have draft version. TEST_F(TlsConnectTest, TestDowngradeDetectionToTls12) { EnsureTlsSetup(); - client_->SetPacketFilter( - std::make_shared<TlsInspectorClientHelloVersionSetter>( - SSL_LIBRARY_VERSION_TLS_1_2)); + MakeTlsFilter<TlsClientHelloVersionSetter>(client_, + SSL_LIBRARY_VERSION_TLS_1_2); client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2, SSL_LIBRARY_VERSION_TLS_1_3); server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2, @@ -92,9 +88,8 @@ TEST_F(TlsConnectTest, TestDowngradeDetectionToTls12) { // TLS 1.1 clients do not check the random values, so we should // instead get a handshake failure alert from the server. TEST_F(TlsConnectTest, TestDowngradeDetectionToTls10) { - client_->SetPacketFilter( - std::make_shared<TlsInspectorClientHelloVersionSetter>( - SSL_LIBRARY_VERSION_TLS_1_0)); + MakeTlsFilter<TlsClientHelloVersionSetter>(client_, + SSL_LIBRARY_VERSION_TLS_1_0); client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, SSL_LIBRARY_VERSION_TLS_1_1); server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, @@ -177,12 +172,10 @@ class Tls13NoSupportedVersions : public TlsConnectStreamTls12 { client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2, SSL_LIBRARY_VERSION_TLS_1_2); server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2, max_server_version); - client_->SetPacketFilter( - std::make_shared<TlsInspectorClientHelloVersionSetter>( - overwritten_client_version)); - auto capture = std::make_shared<TlsInspectorRecordHandshakeMessage>( - kTlsHandshakeServerHello); - server_->SetPacketFilter(capture); + MakeTlsFilter<TlsClientHelloVersionSetter>(client_, + overwritten_client_version); + auto capture = + MakeTlsFilter<TlsHandshakeRecorder>(server_, kTlsHandshakeServerHello); ConnectExpectAlert(server_, kTlsAlertDecryptError); client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT); server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); @@ -214,12 +207,10 @@ TEST_F(Tls13NoSupportedVersions, // Offer 1.3 but with ClientHello.legacy_version == TLS 1.4. This // causes a bad MAC error when we read EncryptedExtensions. TEST_F(TlsConnectStreamTls13, Tls14ClientHelloWithSupportedVersions) { - client_->SetPacketFilter( - std::make_shared<TlsInspectorClientHelloVersionSetter>( - SSL_LIBRARY_VERSION_TLS_1_3 + 1)); - auto capture = - std::make_shared<TlsExtensionCapture>(ssl_tls13_supported_versions_xtn); - server_->SetPacketFilter(capture); + MakeTlsFilter<TlsClientHelloVersionSetter>(client_, + SSL_LIBRARY_VERSION_TLS_1_3 + 1); + auto capture = MakeTlsFilter<TlsExtensionCapture>( + server_, ssl_tls13_supported_versions_xtn); client_->ExpectSendAlert(kTlsAlertBadRecordMac); server_->ExpectSendAlert(kTlsAlertBadRecordMac); ConnectExpectFail(); |