Update NSS to 3.36.4-RTM

author: JustOff <Off.Just.Off@gmail.com> 2018-06-09 15:11:22 +0300
committer: JustOff <Off.Just.Off@gmail.com> 2018-06-11 16:42:50 +0300
commit: f83f62e1bff0c2aedc32e67fe369ba923c5b104a (patch)
tree: fbb69e76754552dde5c3c5d4fe928ed9693f601a /security/nss/gtests/ssl_gtest/ssl_version_unittest.cc
parent: 75323087aea91719bbb4f766bc6298d0618f0163 (diff)
download: UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.tar
UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.tar.gz
UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.tar.lz
UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.tar.xz
UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.zip
1 files changed, 15 insertions, 24 deletions
diff --git a/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc
index 9db293b07..4e9099561 100644
--- a/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc
@@ -56,18 +56,15 @@ TEST_P(TlsConnectGeneric, ServerNegotiateTls12) {
 // two validate that we can also detect fallback using the
 // SSL_SetDowngradeCheckVersion() API.
 TEST_F(TlsConnectTest, TestDowngradeDetectionToTls11) {
-  client_->SetPacketFilter(
-      std::make_shared<TlsInspectorClientHelloVersionSetter>(
-          SSL_LIBRARY_VERSION_TLS_1_1));
+  MakeTlsFilter<TlsClientHelloVersionSetter>(client_,
+                                             SSL_LIBRARY_VERSION_TLS_1_1);
   ConnectExpectFail();
   ASSERT_EQ(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, client_->error_code());
 }
 
 /* Attempt to negotiate the bogus DTLS 1.1 version. */
 TEST_F(DtlsConnectTest, TestDtlsVersion11) {
-  client_->SetPacketFilter(
-      std::make_shared<TlsInspectorClientHelloVersionSetter>(
-          ((~0x0101) & 0xffff)));
+  MakeTlsFilter<TlsClientHelloVersionSetter>(client_, ((~0x0101) & 0xffff));
   ConnectExpectFail();
   // It's kind of surprising that SSL_ERROR_NO_CYPHER_OVERLAP is
   // what is returned here, but this is deliberate in ssl3_HandleAlert().
@@ -78,9 +75,8 @@ TEST_F(DtlsConnectTest, TestDtlsVersion11) {
 // Disabled as long as we have draft version.
 TEST_F(TlsConnectTest, TestDowngradeDetectionToTls12) {
   EnsureTlsSetup();
-  client_->SetPacketFilter(
-      std::make_shared<TlsInspectorClientHelloVersionSetter>(
-          SSL_LIBRARY_VERSION_TLS_1_2));
+  MakeTlsFilter<TlsClientHelloVersionSetter>(client_,
+                                             SSL_LIBRARY_VERSION_TLS_1_2);
   client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
                            SSL_LIBRARY_VERSION_TLS_1_3);
   server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
@@ -92,9 +88,8 @@ TEST_F(TlsConnectTest, TestDowngradeDetectionToTls12) {
 // TLS 1.1 clients do not check the random values, so we should
 // instead get a handshake failure alert from the server.
 TEST_F(TlsConnectTest, TestDowngradeDetectionToTls10) {
-  client_->SetPacketFilter(
-      std::make_shared<TlsInspectorClientHelloVersionSetter>(
-          SSL_LIBRARY_VERSION_TLS_1_0));
+  MakeTlsFilter<TlsClientHelloVersionSetter>(client_,
+                                             SSL_LIBRARY_VERSION_TLS_1_0);
   client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
                            SSL_LIBRARY_VERSION_TLS_1_1);
   server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
@@ -177,12 +172,10 @@ class Tls13NoSupportedVersions : public TlsConnectStreamTls12 {
     client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
                              SSL_LIBRARY_VERSION_TLS_1_2);
     server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2, max_server_version);
-    client_->SetPacketFilter(
-        std::make_shared<TlsInspectorClientHelloVersionSetter>(
-            overwritten_client_version));
-    auto capture = std::make_shared<TlsInspectorRecordHandshakeMessage>(
-        kTlsHandshakeServerHello);
-    server_->SetPacketFilter(capture);
+    MakeTlsFilter<TlsClientHelloVersionSetter>(client_,
+                                               overwritten_client_version);
+    auto capture =
+        MakeTlsFilter<TlsHandshakeRecorder>(server_, kTlsHandshakeServerHello);
     ConnectExpectAlert(server_, kTlsAlertDecryptError);
     client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
     server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
@@ -214,12 +207,10 @@ TEST_F(Tls13NoSupportedVersions,
 // Offer 1.3 but with ClientHello.legacy_version == TLS 1.4. This
 // causes a bad MAC error when we read EncryptedExtensions.
 TEST_F(TlsConnectStreamTls13, Tls14ClientHelloWithSupportedVersions) {
-  client_->SetPacketFilter(
-      std::make_shared<TlsInspectorClientHelloVersionSetter>(
-          SSL_LIBRARY_VERSION_TLS_1_3 + 1));
-  auto capture =
-      std::make_shared<TlsExtensionCapture>(ssl_tls13_supported_versions_xtn);
-  server_->SetPacketFilter(capture);
+  MakeTlsFilter<TlsClientHelloVersionSetter>(client_,
+                                             SSL_LIBRARY_VERSION_TLS_1_3 + 1);
+  auto capture = MakeTlsFilter<TlsExtensionCapture>(
+      server_, ssl_tls13_supported_versions_xtn);
   client_->ExpectSendAlert(kTlsAlertBadRecordMac);
   server_->ExpectSendAlert(kTlsAlertBadRecordMac);
   ConnectExpectFail();
author	JustOff <Off.Just.Off@gmail.com>	2018-06-09 15:11:22 +0300
committer	JustOff <Off.Just.Off@gmail.com>	2018-06-11 16:42:50 +0300
commit	f83f62e1bff0c2aedc32e67fe369ba923c5b104a (patch)
tree	fbb69e76754552dde5c3c5d4fe928ed9693f601a /security/nss/gtests/ssl_gtest/ssl_version_unittest.cc
parent	75323087aea91719bbb4f766bc6298d0618f0163 (diff)
download	UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.tar UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.tar.gz UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.tar.lz UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.tar.xz UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.zip