mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 1130670 - Remove dead code that tracks strongCipherStatus. r=keeler
This commit is contained in:
Masatoshi Kimura
parent
c69ed4d7e6
commit
e34dc73e15
@ -820,14 +820,10 @@ nsSSLIOLayerHelpers::rememberTolerantAtVersion(const nsACString& hostName,
|
||||
entry.intolerant = entry.tolerant + 1;
|
||||
entry.intoleranceReason = 0; // lose the reason
|
||||
}
|
||||
if (entry.strongCipherStatus == StrongCipherStatusUnknown) {
|
||||
entry.strongCipherStatus = StrongCiphersWorked;
|
||||
}
|
||||
} else {
|
||||
entry.tolerant = tolerant;
|
||||
entry.intolerant = 0;
|
||||
entry.intoleranceReason = 0;
|
||||
entry.strongCipherStatus = StrongCiphersWorked;
|
||||
}
|
||||
|
||||
entry.AssertInvariant();
|
||||
@ -852,9 +848,6 @@ nsSSLIOLayerHelpers::forgetIntolerance(const nsACString& hostName,
|
||||
tolerant = entry.tolerant;
|
||||
entry.intolerant = 0;
|
||||
entry.intoleranceReason = 0;
|
||||
if (entry.strongCipherStatus != StrongCiphersWorked) {
|
||||
entry.strongCipherStatus = StrongCipherStatusUnknown;
|
||||
}
|
||||
|
||||
entry.AssertInvariant();
|
||||
mTLSIntoleranceInfo.Put(key, entry);
|
||||
@ -945,7 +938,6 @@ nsSSLIOLayerHelpers::rememberIntolerantAtVersion(const nsACString& hostName,
|
||||
}
|
||||
} else {
|
||||
entry.tolerant = 0;
|
||||
entry.strongCipherStatus = StrongCipherStatusUnknown;
|
||||
}
|
||||
|
||||
entry.intolerant = intolerant;
|
||||
@ -956,42 +948,10 @@ nsSSLIOLayerHelpers::rememberIntolerantAtVersion(const nsACString& hostName,
|
||||
return true;
|
||||
}
|
||||
|
||||
// returns true if we should retry the handshake
|
||||
bool
|
||||
nsSSLIOLayerHelpers::rememberStrongCiphersFailed(const nsACString& hostName,
|
||||
int16_t port,
|
||||
PRErrorCode intoleranceReason)
|
||||
{
|
||||
nsCString key;
|
||||
getSiteKey(hostName, port, key);
|
||||
|
||||
MutexAutoLock lock(mutex);
|
||||
|
||||
IntoleranceEntry entry;
|
||||
if (mTLSIntoleranceInfo.Get(key, &entry)) {
|
||||
entry.AssertInvariant();
|
||||
if (entry.strongCipherStatus != StrongCipherStatusUnknown) {
|
||||
// We already know if the server supports a strong cipher.
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
entry.tolerant = 0;
|
||||
entry.intolerant = 0;
|
||||
entry.intoleranceReason = intoleranceReason;
|
||||
}
|
||||
|
||||
entry.strongCipherStatus = StrongCiphersFailed;
|
||||
entry.AssertInvariant();
|
||||
mTLSIntoleranceInfo.Put(key, entry);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
void
|
||||
nsSSLIOLayerHelpers::adjustForTLSIntolerance(const nsACString& hostName,
|
||||
int16_t port,
|
||||
/*in/out*/ SSLVersionRange& range,
|
||||
/*out*/ StrongCipherStatus& strongCipherStatus)
|
||||
/*in/out*/ SSLVersionRange& range)
|
||||
{
|
||||
IntoleranceEntry entry;
|
||||
|
||||
@ -1014,7 +974,6 @@ nsSSLIOLayerHelpers::adjustForTLSIntolerance(const nsACString& hostName,
|
||||
range.max = entry.intolerant - 1;
|
||||
}
|
||||
}
|
||||
strongCipherStatus = entry.strongCipherStatus;
|
||||
}
|
||||
|
||||
PRErrorCode
|
||||
@ -2611,10 +2570,9 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS,
|
||||
}
|
||||
|
||||
uint16_t maxEnabledVersion = range.max;
|
||||
StrongCipherStatus strongCiphersStatus = StrongCipherStatusUnknown;
|
||||
infoObject->SharedState().IOLayerHelpers()
|
||||
.adjustForTLSIntolerance(infoObject->GetHostName(), infoObject->GetPort(),
|
||||
range, strongCiphersStatus);
|
||||
range);
|
||||
bool useWeakCiphers = range.max <= SSL_LIBRARY_VERSION_TLS_1_0 &&
|
||||
nsNSSComponent::AreAnyWeakCiphersEnabled();
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
|
||||
|
||||
@ -165,12 +165,6 @@ private:
|
||||
nsCOMPtr<nsIX509Cert> mClientCert;
|
||||
};
|
||||
|
||||
enum StrongCipherStatus {
|
||||
StrongCipherStatusUnknown,
|
||||
StrongCiphersWorked,
|
||||
StrongCiphersFailed
|
||||
};
|
||||
|
||||
class nsSSLIOLayerHelpers
|
||||
{
|
||||
public:
|
||||
@ -200,7 +194,6 @@ private:
|
||||
uint16_t tolerant;
|
||||
uint16_t intolerant;
|
||||
PRErrorCode intoleranceReason;
|
||||
StrongCipherStatus strongCipherStatus;
|
||||
|
||||
void AssertInvariant() const
|
||||
{
|
||||
@ -219,14 +212,11 @@ public:
|
||||
bool rememberIntolerantAtVersion(const nsACString& hostname, int16_t port,
|
||||
uint16_t intolerant, uint16_t minVersion,
|
||||
PRErrorCode intoleranceReason);
|
||||
bool rememberStrongCiphersFailed(const nsACString& hostName, int16_t port,
|
||||
PRErrorCode intoleranceReason);
|
||||
// returns the known tolerant version
|
||||
// or 0 if there is no known tolerant version
|
||||
uint16_t forgetIntolerance(const nsACString& hostname, int16_t port);
|
||||
void adjustForTLSIntolerance(const nsACString& hostname, int16_t port,
|
||||
/*in/out*/ SSLVersionRange& range,
|
||||
/*out*/ StrongCipherStatus& strongCipherStatus);
|
||||
/*in/out*/ SSLVersionRange& range);
|
||||
PRErrorCode getIntoleranceReason(const nsACString& hostname, int16_t port);
|
||||
|
||||
void clearStoredData();
|
||||
|
||||
@ -27,29 +27,10 @@ TEST_F(TLSIntoleranceTest, Test_Full_Fallback_Process)
|
||||
{
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
|
||||
ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
|
||||
|
||||
ASSERT_TRUE(
|
||||
helpers.rememberStrongCiphersFailed(
|
||||
HOST, PORT, SSL_ERROR_NO_CYPHER_OVERLAP));
|
||||
ASSERT_EQ(SSL_ERROR_NO_CYPHER_OVERLAP,
|
||||
helpers.getIntoleranceReason(HOST, PORT));
|
||||
}
|
||||
|
||||
{
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
|
||||
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
|
||||
|
||||
ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
|
||||
ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
|
||||
range.min, range.max, 0));
|
||||
}
|
||||
@ -57,13 +38,10 @@ TEST_F(TLSIntoleranceTest, Test_Full_Fallback_Process)
|
||||
{
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
|
||||
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
|
||||
|
||||
ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
|
||||
ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
|
||||
range.min, range.max, 0));
|
||||
}
|
||||
@ -71,13 +49,10 @@ TEST_F(TLSIntoleranceTest, Test_Full_Fallback_Process)
|
||||
{
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.max);
|
||||
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
|
||||
|
||||
ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
|
||||
ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
|
||||
range.min, range.max, 0));
|
||||
}
|
||||
@ -86,13 +61,10 @@ TEST_F(TLSIntoleranceTest, Test_Full_Fallback_Process)
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.max);
|
||||
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
|
||||
|
||||
ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
|
||||
// false because we reached the floor set by range.min
|
||||
ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
|
||||
range.min, range.max, 0));
|
||||
@ -101,13 +73,11 @@ TEST_F(TLSIntoleranceTest, Test_Full_Fallback_Process)
|
||||
{
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
// When rememberIntolerantAtVersion returns false, it also resets the
|
||||
// intolerance information for the server.
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
|
||||
ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
|
||||
}
|
||||
}
|
||||
|
||||
@ -155,11 +125,9 @@ TEST_F(TLSIntoleranceTest, Test_Fallback_Limit_Below_Min)
|
||||
{
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
|
||||
ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
|
||||
}
|
||||
|
||||
ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
|
||||
@ -177,11 +145,9 @@ TEST_F(TLSIntoleranceTest, Test_Tolerant_Overrides_Intolerant_1)
|
||||
helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
|
||||
ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
|
||||
}
|
||||
|
||||
TEST_F(TLSIntoleranceTest, Test_Tolerant_Overrides_Intolerant_2)
|
||||
@ -193,11 +159,9 @@ TEST_F(TLSIntoleranceTest, Test_Tolerant_Overrides_Intolerant_2)
|
||||
helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_2);
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
|
||||
ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
|
||||
}
|
||||
|
||||
TEST_F(TLSIntoleranceTest, Test_Intolerant_Does_Not_Override_Tolerant)
|
||||
@ -211,11 +175,9 @@ TEST_F(TLSIntoleranceTest, Test_Intolerant_Does_Not_Override_Tolerant)
|
||||
0));
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
|
||||
ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
|
||||
}
|
||||
|
||||
TEST_F(TLSIntoleranceTest, Test_Port_Is_Relevant)
|
||||
@ -233,16 +195,14 @@ TEST_F(TLSIntoleranceTest, Test_Port_Is_Relevant)
|
||||
{
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, 1, range, strongCipherStatus);
|
||||
helpers.adjustForTLSIntolerance(HOST, 1, range);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
|
||||
}
|
||||
|
||||
{
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, 2, range, strongCipherStatus);
|
||||
helpers.adjustForTLSIntolerance(HOST, 2, range);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
|
||||
}
|
||||
}
|
||||
@ -282,147 +242,6 @@ TEST_F(TLSIntoleranceTest, Test_Intolerance_Reason_Cleared)
|
||||
ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1));
|
||||
}
|
||||
|
||||
TEST_F(TLSIntoleranceTest, Test_Strong_Ciphers_Failed)
|
||||
{
|
||||
helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_1;
|
||||
|
||||
ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
|
||||
|
||||
{
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
|
||||
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
|
||||
|
||||
ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
|
||||
range.min, range.max, 0));
|
||||
}
|
||||
|
||||
{
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
|
||||
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
|
||||
|
||||
ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
|
||||
range.min, range.max, 0));
|
||||
}
|
||||
|
||||
{
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
// When rememberIntolerantAtVersion returns false, it also resets the
|
||||
// intolerance information for the server.
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
|
||||
ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
|
||||
}
|
||||
}
|
||||
|
||||
TEST_F(TLSIntoleranceTest, Test_Strong_Ciphers_Failed_At_1_1)
|
||||
{
|
||||
helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_3_0;
|
||||
|
||||
// No adjustment made when there is no entry for the site.
|
||||
{
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
|
||||
range.min, range.max, 0));
|
||||
}
|
||||
|
||||
{
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
|
||||
}
|
||||
|
||||
{
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
|
||||
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
|
||||
|
||||
ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
|
||||
range.min, range.max, 0));
|
||||
}
|
||||
|
||||
{
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.max);
|
||||
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
|
||||
}
|
||||
}
|
||||
|
||||
TEST_F(TLSIntoleranceTest, Test_Strong_Ciphers_Failed_With_High_Limit)
|
||||
{
|
||||
// this value disables version fallback entirely: with this value, all efforts
|
||||
// to mark an origin as version intolerant fail
|
||||
helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_2;
|
||||
// ...but weak ciphers fallback will not be disabled
|
||||
ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
|
||||
ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
|
||||
SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2,
|
||||
0));
|
||||
ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
|
||||
SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_1,
|
||||
0));
|
||||
ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
|
||||
SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_0,
|
||||
0));
|
||||
}
|
||||
|
||||
TEST_F(TLSIntoleranceTest, Test_Tolerant_Does_Not_Override_Weak_Ciphers_Fallback)
|
||||
{
|
||||
ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
|
||||
// No adjustment made when intolerant is zero.
|
||||
helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
|
||||
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
|
||||
}
|
||||
|
||||
TEST_F(TLSIntoleranceTest, Test_Weak_Ciphers_Fallback_Does_Not_Override_Tolerant)
|
||||
{
|
||||
// No adjustment made when there is no entry for the site.
|
||||
helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
|
||||
// false because strongCipherWorked is set by rememberTolerantAtVersion.
|
||||
ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
|
||||
ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
|
||||
}
|
||||
|
||||
TEST_F(TLSIntoleranceTest, TLS_Forget_Intolerance)
|
||||
{
|
||||
{
|
||||
@ -433,11 +252,9 @@ TEST_F(TLSIntoleranceTest, TLS_Forget_Intolerance)
|
||||
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
|
||||
ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
|
||||
}
|
||||
|
||||
{
|
||||
@ -445,34 +262,9 @@ TEST_F(TLSIntoleranceTest, TLS_Forget_Intolerance)
|
||||
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
|
||||
ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
|
||||
}
|
||||
}
|
||||
|
||||
TEST_F(TLSIntoleranceTest, TLS_Forget_Strong_Cipher_Failed)
|
||||
{
|
||||
{
|
||||
ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
|
||||
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
|
||||
}
|
||||
|
||||
{
|
||||
helpers.forgetIntolerance(HOST, PORT);
|
||||
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
|
||||
}
|
||||
}
|
||||
|
||||
@ -483,11 +275,9 @@ TEST_F(TLSIntoleranceTest, TLS_Dont_Forget_Tolerance)
|
||||
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
|
||||
ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
|
||||
}
|
||||
|
||||
{
|
||||
@ -498,11 +288,9 @@ TEST_F(TLSIntoleranceTest, TLS_Dont_Forget_Tolerance)
|
||||
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
|
||||
ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
|
||||
}
|
||||
|
||||
{
|
||||
@ -510,11 +298,9 @@ TEST_F(TLSIntoleranceTest, TLS_Dont_Forget_Tolerance)
|
||||
|
||||
SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2 };
|
||||
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
|
||||
helpers.adjustForTLSIntolerance(HOST, PORT, range);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
|
||||
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
|
||||
ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user