From bc1ea6573c76663718d441f7b0b849a91f3eefbd Mon Sep 17 00:00:00 2001 From: Neil Fuller Date: Mon, 13 Oct 2014 17:37:39 +0100 Subject: Suppress failing OkHttp CTS tests Added an additional regression test for SSLSocketTest. Bug: 17962997 Bug: 17750026 Change-Id: Ic1171a916a8dbfe4f0ae486d650583de2547175b --- expectations/knownfailures.txt | 13 ++++++++ .../java/libcore/javax/net/ssl/SSLSocketTest.java | 38 ++++++++++++++++++++++ 2 files changed, 51 insertions(+) diff --git a/expectations/knownfailures.txt b/expectations/knownfailures.txt index 918caab..7f31c73 100644 --- a/expectations/knownfailures.txt +++ b/expectations/knownfailures.txt @@ -1473,6 +1473,19 @@ ] }, { + description: "Some OkHttp tests were written before the introduction of TLS_FALLBACK_SCSV and have only been fixed for APIs used by Android", + bug: 17962997, + names: [ + "com.squareup.okhttp.SyncApiTest#recoverFromTlsHandshakeFailure", + "com.squareup.okhttp.AsyncApiTest#recoverFromTlsHandshakeFailure" + ] +}, +{ + description: "JavaApiConverterTest#createOkResponse_fromJavaHttpsUrlConnection works independently but fails when run with some other test(s).", + bug: 17962997, + name: "com.squareup.okhttp.internal.http.JavaApiConverterTest#createOkResponse_fromJavaHttpsUrlConnection" +}, +{ description: "Okhttp test hardcodes the TLS version expected.", bug: 14462336, names: [ diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java index 10cf159..4681877 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java @@ -1608,6 +1608,42 @@ public class SSLSocketTest extends TestCase { context.close(); } + // Confirms that communication without the TLS_FALLBACK_SCSV cipher works as it always did. + public void test_SSLSocket_sendsNoTlsFallbackScsv_Fallback_Success() throws Exception { + TestSSLContext context = TestSSLContext.create(); + + final SSLSocket client = (SSLSocket) + context.clientContext.getSocketFactory().createSocket(context.host, context.port); + final SSLSocket server = (SSLSocket) context.serverSocket.accept(); + + // Confirm absence of TLS_FALLBACK_SCSV. + assertFalse(Arrays.asList(client.getEnabledCipherSuites()) + .contains(StandardNames.CIPHER_SUITE_FALLBACK)); + + ExecutorService executor = Executors.newFixedThreadPool(2); + Future s = executor.submit(new Callable() { + public Void call() throws Exception { + server.setEnabledProtocols(new String[] { "TLSv1", "SSLv3" }); + server.startHandshake(); + return null; + } + }); + Future c = executor.submit(new Callable() { + public Void call() throws Exception { + client.setEnabledProtocols(new String[] { "SSLv3" }); + client.startHandshake(); + return null; + } + }); + executor.shutdown(); + + s.get(); + c.get(); + client.close(); + server.close(); + context.close(); + } + public void test_SSLSocket_sendsTlsFallbackScsv_InappropriateFallback_Failure() throws Exception { TestSSLContext context = TestSSLContext.create(); @@ -1616,6 +1652,8 @@ public class SSLSocketTest extends TestCase { final SSLSocket server = (SSLSocket) context.serverSocket.accept(); final String[] serverCipherSuites = server.getEnabledCipherSuites(); + + // Add TLS_FALLBACK_SCSV final String[] clientCipherSuites = new String[serverCipherSuites.length + 1]; System.arraycopy(serverCipherSuites, 0, clientCipherSuites, 0, serverCipherSuites.length); clientCipherSuites[serverCipherSuites.length] = StandardNames.CIPHER_SUITE_FALLBACK; -- cgit v1.1