Google Git
Sign in
chromium / chromium / src.git / c8dc58c297262677b250d632c974358130bd1e9a^! / . / net / url_request / url_request_unittest.cc
commitc8dc58c297262677b250d632c974358130bd1e9a[log] [tgz]
authordavidben <[email protected]>Tue Jan 06 21:08:43 2015
committerCommit bot <[email protected]>Tue Jan 06 21:09:22 2015
tree74b8550da9395a2f3a0357f174e74ef8bf5e0004
parent9b891315f7af505fd9d0a4078589adf00925b518 [diff] [blame]
Roll BoringSSL 306e520:aac2f6a

This is https://codereview.chromium.org/835193005 rolled a little further and
with some additional changes:

It fixes the FallbackSCSV tests to no longer be a no-op. It also accounts for
BoringSSL's handling of a handshake_failure in response to a ClientHello to
match NSS's behavior and our test expectations. See https://crbug.com/446505
for details.

Summary of changes available at:
https://boringssl.googlesource.com/boringssl/+log/306e520..aac2f6a

BUG=446505

Review URL: https://codereview.chromium.org/834313002

Cr-Commit-Position: refs/heads/master@{#310144}

diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index 58597fe..c3bc166 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc

@@ -7686,10 +7686,10 @@
 TEST_F(HTTPSFallbackTest, FallbackSCSV) {
   SpawnedTestServer::SSLOptions ssl_options(
       SpawnedTestServer::SSLOptions::CERT_OK);
-  // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger
+  // Configure HTTPS server to be intolerant of TLS >= 1.1 in order to trigger
   // a version fallback.
   ssl_options.tls_intolerant =
-      SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL;
+      SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1;
   // Have the server process TLS_FALLBACK_SCSV so that version fallback
   // connections are rejected.
   ssl_options.fallback_scsv_enabled = true;
@@ -7708,10 +7708,10 @@
 TEST_F(HTTPSFallbackTest, FallbackSCSVClosed) {
   SpawnedTestServer::SSLOptions ssl_options(
       SpawnedTestServer::SSLOptions::CERT_OK);
-  // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger
+  // Configure HTTPS server to be intolerant of TLS >= 1.1 in order to trigger
   // a version fallback.
   ssl_options.tls_intolerant =
-      SpawnedTestServer::SSLOptions::TLS_INTOLERANT_ALL;
+      SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1;
   ssl_options.tls_intolerance_type =
       SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE;
   // Have the server process TLS_FALLBACK_SCSV so that version fallback