/src/mozilla-central/security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ |
2 | | /* vim: set ts=8 sts=2 et sw=2 tw=80: */ |
3 | | /* This Source Code Form is subject to the terms of the Mozilla Public |
4 | | * License, v. 2.0. If a copy of the MPL was not distributed with this |
5 | | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
6 | | |
7 | | #include "nsNSSIOLayer.h" |
8 | | #include "sslproto.h" |
9 | | #include "sslerr.h" |
10 | | |
11 | | #include "gtest/gtest.h" |
12 | | |
13 | | NS_NAMED_LITERAL_CSTRING(HOST, "example.org"); |
14 | | const int16_t PORT = 443; |
15 | | |
16 | | class psm_TLSIntoleranceTest : public ::testing::Test |
17 | | { |
18 | | protected: |
19 | | nsSSLIOLayerHelpers helpers; |
20 | | }; |
21 | | |
22 | | TEST_F(psm_TLSIntoleranceTest, FullFallbackProcess) |
23 | 0 | { |
24 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, helpers.mVersionFallbackLimit); |
25 | 0 |
|
26 | 0 | // No adjustment made when there is no entry for the site. |
27 | 0 | { |
28 | 0 | SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, |
29 | 0 | SSL_LIBRARY_VERSION_TLS_1_2 }; |
30 | 0 | helpers.adjustForTLSIntolerance(HOST, PORT, range); |
31 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); |
32 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); |
33 | 0 | } |
34 | 0 |
|
35 | 0 | { |
36 | 0 | SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, |
37 | 0 | SSL_LIBRARY_VERSION_TLS_1_2 }; |
38 | 0 | helpers.adjustForTLSIntolerance(HOST, PORT, range); |
39 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); |
40 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); |
41 | 0 |
|
42 | 0 | ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, |
43 | 0 | range.min, range.max, 0)); |
44 | 0 | } |
45 | 0 |
|
46 | 0 | { |
47 | 0 | SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, |
48 | 0 | SSL_LIBRARY_VERSION_TLS_1_2 }; |
49 | 0 | helpers.adjustForTLSIntolerance(HOST, PORT, range); |
50 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); |
51 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max); |
52 | 0 |
|
53 | 0 | ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, |
54 | 0 | range.min, range.max, 0)); |
55 | 0 | } |
56 | 0 |
|
57 | 0 | { |
58 | 0 | SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, |
59 | 0 | SSL_LIBRARY_VERSION_TLS_1_2 }; |
60 | 0 | helpers.adjustForTLSIntolerance(HOST, PORT, range); |
61 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); |
62 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.max); |
63 | 0 |
|
64 | 0 | ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT, |
65 | 0 | range.min, range.max, 0)); |
66 | 0 | } |
67 | 0 |
|
68 | 0 | { |
69 | 0 | SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, |
70 | 0 | SSL_LIBRARY_VERSION_TLS_1_2 }; |
71 | 0 | helpers.adjustForTLSIntolerance(HOST, PORT, range); |
72 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); |
73 | 0 | // When rememberIntolerantAtVersion returns false, it also resets the |
74 | 0 | // intolerance information for the server. |
75 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); |
76 | 0 | } |
77 | 0 | } |
78 | | |
79 | | TEST_F(psm_TLSIntoleranceTest, DisableFallbackWithHighLimit) |
80 | 0 | { |
81 | 0 | // this value disables version fallback entirely: with this value, all efforts |
82 | 0 | // to mark an origin as version intolerant fail |
83 | 0 | helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_2; |
84 | 0 | ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT, |
85 | 0 | SSL_LIBRARY_VERSION_TLS_1_0, |
86 | 0 | SSL_LIBRARY_VERSION_TLS_1_2, |
87 | 0 | 0)); |
88 | 0 | ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT, |
89 | 0 | SSL_LIBRARY_VERSION_TLS_1_0, |
90 | 0 | SSL_LIBRARY_VERSION_TLS_1_1, |
91 | 0 | 0)); |
92 | 0 | ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT, |
93 | 0 | SSL_LIBRARY_VERSION_TLS_1_0, |
94 | 0 | SSL_LIBRARY_VERSION_TLS_1_0, |
95 | 0 | 0)); |
96 | 0 | } |
97 | | |
98 | | TEST_F(psm_TLSIntoleranceTest, FallbackLimitBelowMin) |
99 | 0 | { |
100 | 0 | // check that we still respect the minimum version, |
101 | 0 | // when it is higher than the fallback limit |
102 | 0 | ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, |
103 | 0 | SSL_LIBRARY_VERSION_TLS_1_1, |
104 | 0 | SSL_LIBRARY_VERSION_TLS_1_2, |
105 | 0 | 0)); |
106 | 0 | { |
107 | 0 | SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, |
108 | 0 | SSL_LIBRARY_VERSION_TLS_1_2 }; |
109 | 0 | helpers.adjustForTLSIntolerance(HOST, PORT, range); |
110 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); |
111 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max); |
112 | 0 | } |
113 | 0 |
|
114 | 0 | ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT, |
115 | 0 | SSL_LIBRARY_VERSION_TLS_1_1, |
116 | 0 | SSL_LIBRARY_VERSION_TLS_1_1, |
117 | 0 | 0)); |
118 | 0 | } |
119 | | |
120 | | TEST_F(psm_TLSIntoleranceTest, TolerantOverridesIntolerant1) |
121 | 0 | { |
122 | 0 | ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, |
123 | 0 | SSL_LIBRARY_VERSION_TLS_1_0, |
124 | 0 | SSL_LIBRARY_VERSION_TLS_1_1, |
125 | 0 | 0)); |
126 | 0 | helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1); |
127 | 0 | SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, |
128 | 0 | SSL_LIBRARY_VERSION_TLS_1_2 }; |
129 | 0 | helpers.adjustForTLSIntolerance(HOST, PORT, range); |
130 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); |
131 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max); |
132 | 0 | } |
133 | | |
134 | | TEST_F(psm_TLSIntoleranceTest, TolerantOverridesIntolerant2) |
135 | 0 | { |
136 | 0 | ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, |
137 | 0 | SSL_LIBRARY_VERSION_TLS_1_0, |
138 | 0 | SSL_LIBRARY_VERSION_TLS_1_1, |
139 | 0 | 0)); |
140 | 0 | helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_2); |
141 | 0 | SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, |
142 | 0 | SSL_LIBRARY_VERSION_TLS_1_2 }; |
143 | 0 | helpers.adjustForTLSIntolerance(HOST, PORT, range); |
144 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); |
145 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); |
146 | 0 | } |
147 | | |
148 | | TEST_F(psm_TLSIntoleranceTest, IntolerantDoesNotOverrideTolerant) |
149 | 0 | { |
150 | 0 | // No adjustment made when there is no entry for the site. |
151 | 0 | helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1); |
152 | 0 | // false because we reached the floor set by rememberTolerantAtVersion. |
153 | 0 | ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT, |
154 | 0 | SSL_LIBRARY_VERSION_TLS_1_0, |
155 | 0 | SSL_LIBRARY_VERSION_TLS_1_1, |
156 | 0 | 0)); |
157 | 0 | SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, |
158 | 0 | SSL_LIBRARY_VERSION_TLS_1_2 }; |
159 | 0 | helpers.adjustForTLSIntolerance(HOST, PORT, range); |
160 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); |
161 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); |
162 | 0 | } |
163 | | |
164 | | TEST_F(psm_TLSIntoleranceTest, PortIsRelevant) |
165 | 0 | { |
166 | 0 | helpers.rememberTolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_2); |
167 | 0 | ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, 1, |
168 | 0 | SSL_LIBRARY_VERSION_TLS_1_0, |
169 | 0 | SSL_LIBRARY_VERSION_TLS_1_2, |
170 | 0 | 0)); |
171 | 0 | ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, 2, |
172 | 0 | SSL_LIBRARY_VERSION_TLS_1_0, |
173 | 0 | SSL_LIBRARY_VERSION_TLS_1_2, |
174 | 0 | 0)); |
175 | 0 |
|
176 | 0 | { |
177 | 0 | SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, |
178 | 0 | SSL_LIBRARY_VERSION_TLS_1_2 }; |
179 | 0 | helpers.adjustForTLSIntolerance(HOST, 1, range); |
180 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); |
181 | 0 | } |
182 | 0 |
|
183 | 0 | { |
184 | 0 | SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, |
185 | 0 | SSL_LIBRARY_VERSION_TLS_1_2 }; |
186 | 0 | helpers.adjustForTLSIntolerance(HOST, 2, range); |
187 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max); |
188 | 0 | } |
189 | 0 | } |
190 | | |
191 | | TEST_F(psm_TLSIntoleranceTest, IntoleranceReasonInitial) |
192 | 0 | { |
193 | 0 | ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1)); |
194 | 0 |
|
195 | 0 | helpers.rememberTolerantAtVersion(HOST, 2, SSL_LIBRARY_VERSION_TLS_1_2); |
196 | 0 | ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 2)); |
197 | 0 | } |
198 | | |
199 | | TEST_F(psm_TLSIntoleranceTest, IntoleranceReasonStored) |
200 | 0 | { |
201 | 0 | helpers.rememberIntolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_0, |
202 | 0 | SSL_LIBRARY_VERSION_TLS_1_2, |
203 | 0 | SSL_ERROR_BAD_SERVER); |
204 | 0 | ASSERT_EQ(SSL_ERROR_BAD_SERVER, helpers.getIntoleranceReason(HOST, 1)); |
205 | 0 |
|
206 | 0 | helpers.rememberIntolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_0, |
207 | 0 | SSL_LIBRARY_VERSION_TLS_1_1, |
208 | 0 | SSL_ERROR_BAD_MAC_READ); |
209 | 0 | ASSERT_EQ(SSL_ERROR_BAD_MAC_READ, helpers.getIntoleranceReason(HOST, 1)); |
210 | 0 | } |
211 | | |
212 | | TEST_F(psm_TLSIntoleranceTest, IntoleranceReasonCleared) |
213 | 0 | { |
214 | 0 | ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1)); |
215 | 0 |
|
216 | 0 | helpers.rememberIntolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_0, |
217 | 0 | SSL_LIBRARY_VERSION_TLS_1_2, |
218 | 0 | SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT); |
219 | 0 | ASSERT_EQ(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT, |
220 | 0 | helpers.getIntoleranceReason(HOST, 1)); |
221 | 0 |
|
222 | 0 | helpers.rememberTolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_2); |
223 | 0 | ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1)); |
224 | 0 | } |
225 | | |
226 | | TEST_F(psm_TLSIntoleranceTest, TLSForgetIntolerance) |
227 | 0 | { |
228 | 0 | { |
229 | 0 | ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, |
230 | 0 | SSL_LIBRARY_VERSION_TLS_1_0, |
231 | 0 | SSL_LIBRARY_VERSION_TLS_1_2, |
232 | 0 | 0)); |
233 | 0 |
|
234 | 0 | SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, |
235 | 0 | SSL_LIBRARY_VERSION_TLS_1_2 }; |
236 | 0 | helpers.adjustForTLSIntolerance(HOST, PORT, range); |
237 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); |
238 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max); |
239 | 0 | } |
240 | 0 |
|
241 | 0 | { |
242 | 0 | helpers.forgetIntolerance(HOST, PORT); |
243 | 0 |
|
244 | 0 | SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, |
245 | 0 | SSL_LIBRARY_VERSION_TLS_1_2 }; |
246 | 0 | helpers.adjustForTLSIntolerance(HOST, PORT, range); |
247 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); |
248 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); |
249 | 0 | } |
250 | 0 | } |
251 | | |
252 | | TEST_F(psm_TLSIntoleranceTest, TLSDontForgetTolerance) |
253 | 0 | { |
254 | 0 | { |
255 | 0 | helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1); |
256 | 0 |
|
257 | 0 | SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, |
258 | 0 | SSL_LIBRARY_VERSION_TLS_1_2 }; |
259 | 0 | helpers.adjustForTLSIntolerance(HOST, PORT, range); |
260 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); |
261 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); |
262 | 0 | } |
263 | 0 |
|
264 | 0 | { |
265 | 0 | ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, |
266 | 0 | SSL_LIBRARY_VERSION_TLS_1_0, |
267 | 0 | SSL_LIBRARY_VERSION_TLS_1_2, |
268 | 0 | 0)); |
269 | 0 |
|
270 | 0 | SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, |
271 | 0 | SSL_LIBRARY_VERSION_TLS_1_2 }; |
272 | 0 | helpers.adjustForTLSIntolerance(HOST, PORT, range); |
273 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); |
274 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max); |
275 | 0 | } |
276 | 0 |
|
277 | 0 | { |
278 | 0 | helpers.forgetIntolerance(HOST, PORT); |
279 | 0 |
|
280 | 0 | SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, |
281 | 0 | SSL_LIBRARY_VERSION_TLS_1_2 }; |
282 | 0 | helpers.adjustForTLSIntolerance(HOST, PORT, range); |
283 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); |
284 | 0 | ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); |
285 | 0 | } |
286 | 0 | } |
287 | | |
288 | | TEST_F(psm_TLSIntoleranceTest, TLSPerSiteFallbackLimit) |
289 | 0 | { |
290 | 0 | NS_NAMED_LITERAL_CSTRING(example_com, "example.com"); |
291 | 0 | NS_NAMED_LITERAL_CSTRING(example_net, "example.net"); |
292 | 0 | NS_NAMED_LITERAL_CSTRING(example_org, "example.org"); |
293 | 0 |
|
294 | 0 | helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_0; |
295 | 0 |
|
296 | 0 | ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2)); |
297 | 0 | ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1)); |
298 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0)); |
299 | 0 | ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2)); |
300 | 0 | ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1)); |
301 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0)); |
302 | 0 | ASSERT_FALSE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2)); |
303 | 0 | ASSERT_FALSE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1)); |
304 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0)); |
305 | 0 |
|
306 | 0 | helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_2; |
307 | 0 |
|
308 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2)); |
309 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1)); |
310 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0)); |
311 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2)); |
312 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1)); |
313 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0)); |
314 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2)); |
315 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1)); |
316 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0)); |
317 | 0 |
|
318 | 0 | helpers.setInsecureFallbackSites(example_com); |
319 | 0 |
|
320 | 0 | ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2)); |
321 | 0 | ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1)); |
322 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0)); |
323 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2)); |
324 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1)); |
325 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0)); |
326 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2)); |
327 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1)); |
328 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0)); |
329 | 0 |
|
330 | 0 | helpers.setInsecureFallbackSites(NS_LITERAL_CSTRING("example.com,example.net")); |
331 | 0 |
|
332 | 0 | ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2)); |
333 | 0 | ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1)); |
334 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0)); |
335 | 0 | ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2)); |
336 | 0 | ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1)); |
337 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0)); |
338 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2)); |
339 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1)); |
340 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0)); |
341 | 0 |
|
342 | 0 | helpers.setInsecureFallbackSites(example_net); |
343 | 0 |
|
344 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2)); |
345 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1)); |
346 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0)); |
347 | 0 | ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2)); |
348 | 0 | ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1)); |
349 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0)); |
350 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2)); |
351 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1)); |
352 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0)); |
353 | 0 |
|
354 | 0 | helpers.setInsecureFallbackSites(EmptyCString()); |
355 | 0 |
|
356 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2)); |
357 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1)); |
358 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0)); |
359 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2)); |
360 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1)); |
361 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0)); |
362 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2)); |
363 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1)); |
364 | 0 | ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0)); |
365 | 0 | } |