Enable and fix CRLSet and remoting tests on non-Android OpenSSL.

We need CRLSets to work on Mac and the remoting tests can run now that SSLServerSocketOpenSSL is implemented. BUG=338885 Review URL: https://codereview.chromium.org/418173004 Cr-Commit-Position: refs/heads/master@{#290346} git-svn-id: svn://svn.chromium.org/chrome/trunk/src@290346 0039d316-1c4b-4281-b951-d872f2087c98
Denger-Network · Aug 18, 2014 · 591cffc · 591cffc
1 parent af6b37d
commit 591cffc
Show file tree

Hide file tree

Showing 7 changed files with 30 additions and 56 deletions.
diff --git a/net/net.gypi b/net/net.gypi
@@ -70,6 +70,8 @@
       'cert/cert_verifier.h',
       'cert/cert_verify_result.cc',
       'cert/cert_verify_result.h',
+      'cert/crl_set.cc',
+      'cert/crl_set.h',
       'cert/pem_tokenizer.cc',
       'cert/pem_tokenizer.h',
       'cert/signed_certificate_timestamp.cc',
@@ -149,6 +151,8 @@
       'ssl/ssl_client_cert_type.h',
       'ssl/ssl_config.cc',
       'ssl/ssl_config.h',
+      'ssl/ssl_config_service.cc',
+      'ssl/ssl_config_service.h',
       'ssl/ssl_info.cc',
       'ssl/ssl_info.h',
     ],
@@ -299,8 +303,6 @@
       'cert/cert_verify_proc_openssl.h',
       'cert/cert_verify_proc_win.cc',
       'cert/cert_verify_proc_win.h',
-      'cert/crl_set.cc',
-      'cert/crl_set.h',
       'cert/crl_set_storage.cc',
       'cert/crl_set_storage.h',
       'cert/ct_known_logs.cc',
@@ -1092,8 +1094,6 @@
       'ssl/client_cert_store_win.h',
       'ssl/ssl_cipher_suite_names.cc',
       'ssl/ssl_cipher_suite_names.h',
-      'ssl/ssl_config_service.cc',
-      'ssl/ssl_config_service.h',
       'ssl/ssl_config_service_defaults.cc',
       'ssl/ssl_config_service_defaults.h',
       'third_party/mozilla_security_manager/nsKeygenHandler.cpp',

diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
@@ -1015,7 +1015,9 @@ int SSLClientSocketOpenSSL::DoVerifyCert(int result) {
       server_cert_.get(),
       host_and_port_.host(),
       flags,
-      NULL /* no CRL set */,
+      // TODO(davidben): Route the CRLSet through SSLConfig so
+      // SSLClientSocket doesn't depend on SSLConfigService.
+      SSLConfigService::GetCRLSet().get(),
       &server_cert_verify_result_,
       base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete,
                  base::Unretained(this)),

diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
@@ -7806,7 +7806,7 @@ TEST_F(HTTPSCRLSetTest, ExpiredCRLSet) {
 }
 
 TEST_F(HTTPSCRLSetTest, CRLSetRevoked) {
-#if defined(USE_OPENSSL)
+#if defined(OS_ANDROID)
   LOG(WARNING) << "Skipping test because system doesn't support CRLSets";
   return;
 #endif

diff --git a/remoting/protocol/negotiating_authenticator_unittest.cc b/remoting/protocol/negotiating_authenticator_unittest.cc
@@ -147,29 +147,22 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase {
   DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticatorTest);
 };
 
-// These tests use net::SSLServerSocket which is not implemented for OpenSSL.
-#if defined(USE_OPENSSL)
-#define MAYBE(x) DISABLED_##x
-#else
-#define MAYBE(x) x
-#endif
-
-TEST_F(NegotiatingAuthenticatorTest, MAYBE(SuccessfulAuthHmac)) {
+TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthHmac) {
   ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
       kNoClientId, kNoPairedSecret, kTestPin, kTestPin,
       AuthenticationMethod::HMAC_SHA256, false));
   VerifyAccepted(
       AuthenticationMethod::Spake2(AuthenticationMethod::HMAC_SHA256));
 }
 
-TEST_F(NegotiatingAuthenticatorTest, MAYBE(SuccessfulAuthPlain)) {
+TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthPlain) {
   ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
       kNoClientId, kNoPairedSecret, kTestPin, kTestPin,
       AuthenticationMethod::NONE, false));
   VerifyAccepted(AuthenticationMethod::Spake2(AuthenticationMethod::NONE));
 }
 
-TEST_F(NegotiatingAuthenticatorTest, MAYBE(InvalidSecretHmac)) {
+TEST_F(NegotiatingAuthenticatorTest, InvalidSecretHmac) {
   ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
       kNoClientId, kNoPairedSecret, kTestPinBad, kTestPin,
       AuthenticationMethod::HMAC_SHA256, false));
@@ -178,7 +171,7 @@ TEST_F(NegotiatingAuthenticatorTest, MAYBE(InvalidSecretHmac)) {
   VerifyRejected(Authenticator::INVALID_CREDENTIALS);
 }
 
-TEST_F(NegotiatingAuthenticatorTest, MAYBE(InvalidSecretPlain)) {
+TEST_F(NegotiatingAuthenticatorTest, InvalidSecretPlain) {
   ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
       kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad,
       AuthenticationMethod::NONE, false));
@@ -187,7 +180,7 @@ TEST_F(NegotiatingAuthenticatorTest, MAYBE(InvalidSecretPlain)) {
   VerifyRejected(Authenticator::INVALID_CREDENTIALS);
 }
 
-TEST_F(NegotiatingAuthenticatorTest, MAYBE(IncompatibleMethods)) {
+TEST_F(NegotiatingAuthenticatorTest, IncompatibleMethods) {
   ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
       kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad,
       AuthenticationMethod::NONE, true));
@@ -196,7 +189,7 @@ TEST_F(NegotiatingAuthenticatorTest, MAYBE(IncompatibleMethods)) {
   VerifyRejected(Authenticator::PROTOCOL_ERROR);
 }
 
-TEST_F(NegotiatingAuthenticatorTest, MAYBE(PairingNotSupported)) {
+TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) {
   ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
       kTestClientId, kTestPairedSecret, kTestPin, kTestPin,
       AuthenticationMethod::HMAC_SHA256, false));
@@ -205,7 +198,7 @@ TEST_F(NegotiatingAuthenticatorTest, MAYBE(PairingNotSupported)) {
       AuthenticationMethod::Spake2(AuthenticationMethod::HMAC_SHA256));
 }
 
-TEST_F(NegotiatingAuthenticatorTest, MAYBE(PairingSupportedButNotPaired)) {
+TEST_F(NegotiatingAuthenticatorTest, PairingSupportedButNotPaired) {
   CreatePairingRegistry(false);
   ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
       kNoClientId, kNoPairedSecret, kTestPin, kTestPin,
@@ -214,7 +207,7 @@ TEST_F(NegotiatingAuthenticatorTest, MAYBE(PairingSupportedButNotPaired)) {
   VerifyAccepted(AuthenticationMethod::Spake2Pair());
 }
 
-TEST_F(NegotiatingAuthenticatorTest, MAYBE(PairingRevokedPinOkay)) {
+TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinOkay) {
   CreatePairingRegistry(false);
   ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
       kTestClientId, kTestPairedSecret, kTestPin, kTestPin,
@@ -223,7 +216,7 @@ TEST_F(NegotiatingAuthenticatorTest, MAYBE(PairingRevokedPinOkay)) {
   VerifyAccepted(AuthenticationMethod::Spake2Pair());
 }
 
-TEST_F(NegotiatingAuthenticatorTest, MAYBE(PairingRevokedPinBad)) {
+TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) {
   CreatePairingRegistry(false);
   ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
       kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin,
@@ -232,7 +225,7 @@ TEST_F(NegotiatingAuthenticatorTest, MAYBE(PairingRevokedPinBad)) {
   VerifyRejected(Authenticator::INVALID_CREDENTIALS);
 }
 
-TEST_F(NegotiatingAuthenticatorTest, MAYBE(PairingSucceeded)) {
+TEST_F(NegotiatingAuthenticatorTest, PairingSucceeded) {
   CreatePairingRegistry(true);
   ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
       kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin,
@@ -242,7 +235,7 @@ TEST_F(NegotiatingAuthenticatorTest, MAYBE(PairingSucceeded)) {
 }
 
 TEST_F(NegotiatingAuthenticatorTest,
-       MAYBE(PairingSucceededInvalidSecretButPinOkay)) {
+       PairingSucceededInvalidSecretButPinOkay) {
   CreatePairingRegistry(true);
   ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
       kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin,
@@ -251,7 +244,7 @@ TEST_F(NegotiatingAuthenticatorTest,
   VerifyAccepted(AuthenticationMethod::Spake2Pair());
 }
 
-TEST_F(NegotiatingAuthenticatorTest, MAYBE(PairingFailedInvalidSecretAndPin)) {
+TEST_F(NegotiatingAuthenticatorTest, PairingFailedInvalidSecretAndPin) {
   CreatePairingRegistry(true);
   ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
       kTestClientId, kTestPairedSecretBad, kTestPinBad, kTestPin,

diff --git a/remoting/protocol/ssl_hmac_channel_authenticator_unittest.cc b/remoting/protocol/ssl_hmac_channel_authenticator_unittest.cc
@@ -137,15 +137,8 @@ class SslHmacChannelAuthenticatorTest : public testing::Test {
   DISALLOW_COPY_AND_ASSIGN(SslHmacChannelAuthenticatorTest);
 };
 
-// These tests use net::SSLServerSocket which is not implemented for OpenSSL.
-#if defined(USE_OPENSSL)
-#define MAYBE(x) DISABLED_##x
-#else
-#define MAYBE(x) x
-#endif
-
 // Verify that a channel can be connected using a valid shared secret.
-TEST_F(SslHmacChannelAuthenticatorTest, MAYBE(SuccessfulAuth)) {
+TEST_F(SslHmacChannelAuthenticatorTest, SuccessfulAuth) {
   client_auth_ = SslHmacChannelAuthenticator::CreateForClient(
       host_cert_, kTestSharedSecret);
   host_auth_ = SslHmacChannelAuthenticator::CreateForHost(
@@ -165,7 +158,7 @@ TEST_F(SslHmacChannelAuthenticatorTest, MAYBE(SuccessfulAuth)) {
 }
 
 // Verify that channels cannot be using invalid shared secret.
-TEST_F(SslHmacChannelAuthenticatorTest, MAYBE(InvalidChannelSecret)) {
+TEST_F(SslHmacChannelAuthenticatorTest, InvalidChannelSecret) {
   client_auth_ = SslHmacChannelAuthenticator::CreateForClient(
       host_cert_, kTestSharedSecretBad);
   host_auth_ = SslHmacChannelAuthenticator::CreateForHost(

diff --git a/remoting/protocol/third_party_authenticator_unittest.cc b/remoting/protocol/third_party_authenticator_unittest.cc
@@ -121,14 +121,7 @@ class ThirdPartyAuthenticatorTest : public AuthenticatorTestBase {
   DISALLOW_COPY_AND_ASSIGN(ThirdPartyAuthenticatorTest);
 };
 
-// These tests use net::SSLServerSocket which is not implemented for OpenSSL.
-#if defined(USE_OPENSSL)
-#define MAYBE(x) DISABLED_##x
-#else
-#define MAYBE(x) x
-#endif
-
-TEST_F(ThirdPartyAuthenticatorTest, MAYBE(SuccessfulAuth)) {
+TEST_F(ThirdPartyAuthenticatorTest, SuccessfulAuth) {
   ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
   ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
   ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
@@ -155,7 +148,7 @@ TEST_F(ThirdPartyAuthenticatorTest, MAYBE(SuccessfulAuth)) {
   tester.CheckResults();
 }
 
-TEST_F(ThirdPartyAuthenticatorTest, MAYBE(ClientNoSecret)) {
+TEST_F(ThirdPartyAuthenticatorTest, ClientNoSecret) {
   ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
   ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
   ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
@@ -167,7 +160,7 @@ TEST_F(ThirdPartyAuthenticatorTest, MAYBE(ClientNoSecret)) {
   ASSERT_EQ(Authenticator::REJECTED, client_->state());
 }
 
-TEST_F(ThirdPartyAuthenticatorTest, MAYBE(InvalidToken)) {
+TEST_F(ThirdPartyAuthenticatorTest, InvalidToken) {
   ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
   ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
   ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
@@ -180,7 +173,7 @@ TEST_F(ThirdPartyAuthenticatorTest, MAYBE(InvalidToken)) {
   ASSERT_EQ(Authenticator::REJECTED, host_->state());
 }
 
-TEST_F(ThirdPartyAuthenticatorTest, MAYBE(CannotFetchToken)) {
+TEST_F(ThirdPartyAuthenticatorTest, CannotFetchToken) {
   ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
   ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
   ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
@@ -193,7 +186,7 @@ TEST_F(ThirdPartyAuthenticatorTest, MAYBE(CannotFetchToken)) {
 }
 
 // Test that negotiation stops when the fake authentication is rejected.
-TEST_F(ThirdPartyAuthenticatorTest, MAYBE(HostBadSecret)) {
+TEST_F(ThirdPartyAuthenticatorTest, HostBadSecret) {
   ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
   ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
   ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
@@ -207,7 +200,7 @@ TEST_F(ThirdPartyAuthenticatorTest, MAYBE(HostBadSecret)) {
   ASSERT_EQ(Authenticator::REJECTED, client_->state());
 }
 
-TEST_F(ThirdPartyAuthenticatorTest, MAYBE(ClientBadSecret)) {
+TEST_F(ThirdPartyAuthenticatorTest, ClientBadSecret) {
   ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
   ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
   ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());

diff --git a/remoting/protocol/v2_authenticator_unittest.cc b/remoting/protocol/v2_authenticator_unittest.cc
@@ -51,14 +51,7 @@ class V2AuthenticatorTest : public AuthenticatorTestBase {
   DISALLOW_COPY_AND_ASSIGN(V2AuthenticatorTest);
 };
 
-// These tests use net::SSLServerSocket which is not implemented for OpenSSL.
-#if defined(USE_OPENSSL)
-#define MAYBE(x) DISABLED_##x
-#else
-#define MAYBE(x) x
-#endif
-
-TEST_F(V2AuthenticatorTest, MAYBE(SuccessfulAuth)) {
+TEST_F(V2AuthenticatorTest, SuccessfulAuth) {
   ASSERT_NO_FATAL_FAILURE(
       InitAuthenticators(kTestSharedSecret, kTestSharedSecret));
   ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
@@ -79,7 +72,7 @@ TEST_F(V2AuthenticatorTest, MAYBE(SuccessfulAuth)) {
 }
 
 // Verify that connection is rejected when secrets don't match.
-TEST_F(V2AuthenticatorTest, MAYBE(InvalidSecret)) {
+TEST_F(V2AuthenticatorTest, InvalidSecret) {
   ASSERT_NO_FATAL_FAILURE(
       InitAuthenticators(kTestSharedSecretBad, kTestSharedSecret));
   ASSERT_NO_FATAL_FAILURE(RunAuthExchange());