Source code
Revision control
Copy as Markdown
Other Tools
Test Info: Warnings
- This test gets skipped with pattern: os == 'win' && msix
- Manifest: netwerk/test/unit/xpcshell.toml
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
"use strict";
let trrServer;
const certOverrideService = Cc[
"@mozilla.org/security/certoverride;1"
].getService(Ci.nsICertOverrideService);
add_setup(async function setup() {
trr_test_setup();
Services.prefs.setIntPref("network.trr.mode", Ci.nsIDNSService.MODE_TRRFIRST);
Services.prefs.setBoolPref("network.dns.upgrade_with_https_rr", true);
Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", true);
Services.prefs.setBoolPref("network.dns.echconfig.enabled", true);
// An arbitrary, non-ECH server.
await asyncStartTLSTestServer(
"DelegatedCredentialsServer",
"../../../security/manager/ssl/tests/unit/test_delegated_credentials"
);
let nssComponent = Cc["@mozilla.org/psm;1"].getService(Ci.nsINSSComponent);
await nssComponent.asyncClearSSLExternalAndInternalSessionCache();
});
registerCleanupFunction(async () => {
trr_clear_prefs();
Services.prefs.clearUserPref("network.dns.upgrade_with_https_rr");
Services.prefs.clearUserPref("network.dns.use_https_rr_as_altsvc");
Services.prefs.clearUserPref("network.dns.echconfig.enabled");
Services.prefs.clearUserPref(
"network.dns.echconfig.fallback_to_origin_when_all_failed"
);
if (trrServer) {
await trrServer.stop();
}
});
function makeChan(url) {
let chan = NetUtil.newChannel({
uri: url,
loadUsingSystemPrincipal: true,
contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
}).QueryInterface(Ci.nsIHttpChannel);
return chan;
}
function channelOpenPromise(chan, flags) {
return new Promise(resolve => {
function finish(req, buffer) {
certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
false
);
resolve([req, buffer]);
}
certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
false
);
let internal = chan.QueryInterface(Ci.nsIHttpChannelInternal);
internal.setWaitForHTTPSSVCRecord();
chan.asyncOpen(new ChannelListener(finish, null, flags));
});
}
add_task(async function testRetryWithoutECH() {
const ECH_CONFIG_FIXED =
"AEn+DQBFTQAgACCKB1Y5SfrGIyk27W82xPpzWTDs3q72c04xSurDWlb9CgAEAAEAA2QWZWNoLXB1YmxpYy5leGFtcGxlLmNvbQAA";
trrServer = new TRRServer();
await trrServer.start();
Services.prefs.setIntPref("network.trr.mode", 3);
Services.prefs.setCharPref(
"network.trr.uri",
);
Services.prefs.setBoolPref(
"network.dns.echconfig.fallback_to_origin_when_all_failed",
true
);
// Only the last record is valid to use.
await trrServer.registerDoHAnswers(
"delegated-disabled.example.com",
"HTTPS",
{
answers: [
{
name: "delegated-disabled.example.com",
ttl: 55,
type: "HTTPS",
flush: false,
data: {
priority: 1,
name: "delegated-disabled.example.com",
values: [
{
key: "echconfig",
value: ECH_CONFIG_FIXED,
needBase64Decode: true,
},
],
},
},
],
}
);
await trrServer.registerDoHAnswers("delegated-disabled.example.com", "A", {
answers: [
{
name: "delegated-disabled.example.com",
ttl: 55,
type: "A",
flush: false,
data: "127.0.0.1",
},
],
});
await new TRRDNSListener("delegated-disabled.example.com", {
type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
});
await channelOpenPromise(chan, CL_ALLOW_UNKNOWN_CL);
let securityInfo = chan.securityInfo;
Assert.ok(
!securityInfo.isAcceptedEch,
"This host should not have accepted ECH"
);
await trrServer.stop();
});