Don't forward TLS information from tunneled sockets

Tunneled sockets should not report SSL or ALPN information. While their
underlying proxy connection may have used SSL or even negotiated an ALPN
protocol, the proxied origin connection is just a TCP connection and has
not, say, signaled that the caller should speak HTTP/2 over it.

Bug: 1277656
Change-Id: Id99c6b465d2f5ca52c2aa30664f31b64e256e13b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3324885
Reviewed-by: Ryan Hamilton <[email protected]>
Reviewed-by: Yutaka Hirano <[email protected]>
Reviewed-by: Matt Menke <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
Cr-Commit-Position: refs/heads/main@{#962187}
diff --git a/net/quic/quic_proxy_client_socket_unittest.cc b/net/quic/quic_proxy_client_socket_unittest.cc
index 6fbc4133e..354b2c8 100644
--- a/net/quic/quic_proxy_client_socket_unittest.cc
+++ b/net/quic/quic_proxy_client_socket_unittest.cc
@@ -293,9 +293,6 @@
 
     writer->set_delegate(session_.get());
 
-    session_handle_ = session_->CreateHandle(
-        url::SchemeHostPort(url::kHttpsScheme, "mail.example.org", 80));
-
     session_->Initialize();
 
     // Blackhole QPACK decoder stream instead of constructing mock writes.
@@ -308,6 +305,8 @@
     EXPECT_THAT(session_->CryptoConnect(callback.callback()), IsOk());
     EXPECT_TRUE(session_->OneRttKeysAvailable());
 
+    session_handle_ = session_->CreateHandle(
+        url::SchemeHostPort(url::kHttpsScheme, "mail.example.org", 80));
     EXPECT_THAT(session_handle_->RequestStream(true, callback.callback(),
                                                TRAFFIC_ANNOTATION_FOR_TESTS),
                 IsOk());
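Review bot: Nothing at the new `CreateHandle` call explains why it now has to come after `CryptoConnect` and the `OneRttKeysAvailable` check, and the commit message does not mention the move either. If the handle depends on handshake state (inferred from the reordering, not visible in this hunk), a short comment such as `// Create the handle only after the handshake has completed.` would keep a later cleanup from moving it back above `Initialize()`. The enclosing setup function starts and ends outside the hunk.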
@@ -680,6 +679,14 @@
   const HttpResponseInfo* response = sock_->GetConnectResponseInfo();
   ASSERT_TRUE(response != nullptr);
   ASSERT_EQ(200, response->headers->response_code());
+
+  // Although the underlying HTTP/3 connection uses TLS and negotiates ALPN, the
+  // tunnel itself is a TCP connection to the origin and should not report these
+  // values.
+  net::SSLInfo ssl_info;
+  EXPECT_FALSE(sock_->GetSSLInfo(&ssl_info));
+  EXPECT_FALSE(sock_->WasAlpnNegotiated());
+  EXPECT_EQ(sock_->GetNegotiatedProtocol(), NextProto::kProtoUnknown);
 }
 
 TEST_P(QuicProxyClientSocketTest, ProxyDelegateExtraHeaders) {
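Review bot: The added assertions check the return value of `GetSSLInfo` but not the out-parameter, so a regression that copies the proxy session's certificate into `ssl_info` while still returning false would pass. Adding `EXPECT_FALSE(ssl_info.is_valid());` right after the call would pin that a caller cannot mistake the proxy's TLS state for the origin's. The checks also run only after a 200 CONNECT response; if this file has a test where the tunnel is not established, repeating the three expectations there would cover the other path. `net::SSLInfo` is qualified while `HttpResponseInfo` and `NextProto` in the same body are not, so dropping `net::` would match the surrounding code. The enclosing test starts outside the hunk.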