| OLD | NEW |
| 1 #!/usr/bin/env python | 1 #!/usr/bin/env python |
| 2 # Copyright (c) 2012 The Chromium Authors. All rights reserved. | 2 # Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
| 4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
| 5 | 5 |
| 6 """This is a simple HTTP/FTP/SYNC/TCP/UDP/ server used for testing Chrome. | 6 """This is a simple HTTP/FTP/SYNC/TCP/UDP/ server used for testing Chrome. |
| 7 | 7 |
| 8 It supports several test URLs, as specified by the handlers in TestPageHandler. | 8 It supports several test URLs, as specified by the handlers in TestPageHandler. |
| 9 By default, it listens on an ephemeral port and sends the port number back to | 9 By default, it listens on an ephemeral port and sends the port number back to |
| 10 the originating process over a pipe. The originating process can specify an | 10 the originating process over a pipe. The originating process can specify an |
| (...skipping 115 matching lines...) |
| 126 self.thread.join() | 126 self.thread.join() |
| 127 | 127 |
| 128 class HTTPSServer(tlslite.api.TLSSocketServerMixIn, | 128 class HTTPSServer(tlslite.api.TLSSocketServerMixIn, |
| 129 ClientRestrictingServerMixIn, | 129 ClientRestrictingServerMixIn, |
| 130 StoppableHTTPServer): | 130 StoppableHTTPServer): |
| 131 """This is a specialization of StoppableHTTPServer that add https support and | 131 """This is a specialization of StoppableHTTPServer that add https support and |
| 132 client verification.""" | 132 client verification.""" |
| 133 | 133 |
| 134 def __init__(self, server_address, request_hander_class, pem_cert_and_key, | 134 def __init__(self, server_address, request_hander_class, pem_cert_and_key, |
| 135 ssl_client_auth, ssl_client_cas, ssl_bulk_ciphers, | 135 ssl_client_auth, ssl_client_cas, ssl_bulk_ciphers, |
| 136 record_resume_info): | 136 record_resume_info, tls_intolerant): |
| 137 self.cert_chain = tlslite.api.X509CertChain().parseChain(pem_cert_and_key) | 137 self.cert_chain = tlslite.api.X509CertChain().parseChain(pem_cert_and_key) |
| 138 self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, private=True) | 138 self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, private=True) |
| 139 self.ssl_client_auth = ssl_client_auth | 139 self.ssl_client_auth = ssl_client_auth |
| 140 self.ssl_client_cas = [] | 140 self.ssl_client_cas = [] |
| 141 self.tls_intolerant = tls_intolerant |
| 142 |
| 141 for ca_file in ssl_client_cas: | 143 for ca_file in ssl_client_cas: |
| 142 s = open(ca_file).read() | 144 s = open(ca_file).read() |
| 143 x509 = tlslite.api.X509() | 145 x509 = tlslite.api.X509() |
| 144 x509.parse(s) | 146 x509.parse(s) |
| 145 self.ssl_client_cas.append(x509.subject) | 147 self.ssl_client_cas.append(x509.subject) |
| 146 self.ssl_handshake_settings = tlslite.api.HandshakeSettings() | 148 self.ssl_handshake_settings = tlslite.api.HandshakeSettings() |
| 147 if ssl_bulk_ciphers is not None: | 149 if ssl_bulk_ciphers is not None: |
| 148 self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers | 150 self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers |
| 149 | 151 |
| 150 if record_resume_info: | 152 if record_resume_info: |
| 151 # If record_resume_info is true then we'll replace the session cache with | 153 # If record_resume_info is true then we'll replace the session cache with |
| 152 # an object that records the lookups and inserts that it sees. | 154 # an object that records the lookups and inserts that it sees. |
| 153 self.session_cache = RecordingSSLSessionCache() | 155 self.session_cache = RecordingSSLSessionCache() |
| 154 else: | 156 else: |
| 155 self.session_cache = tlslite.api.SessionCache() | 157 self.session_cache = tlslite.api.SessionCache() |
| 156 StoppableHTTPServer.__init__(self, server_address, request_hander_class) | 158 StoppableHTTPServer.__init__(self, server_address, request_hander_class) |
| 157 | 159 |
| 158 def handshake(self, tlsConnection): | 160 def handshake(self, tlsConnection): |
| 159 """Creates the SSL connection.""" | 161 """Creates the SSL connection.""" |
| 160 try: | 162 try: |
| 161 tlsConnection.handshakeServer(certChain=self.cert_chain, | 163 tlsConnection.handshakeServer(certChain=self.cert_chain, |
| 162 privateKey=self.private_key, | 164 privateKey=self.private_key, |
| 163 sessionCache=self.session_cache, | 165 sessionCache=self.session_cache, |
| 164 reqCert=self.ssl_client_auth, | 166 reqCert=self.ssl_client_auth, |
| 165 settings=self.ssl_handshake_settings, | 167 settings=self.ssl_handshake_settings, |
| 166 reqCAs=self.ssl_client_cas) | 168 reqCAs=self.ssl_client_cas, |
| 169 tlsIntolerant=self.tls_intolerant) |
| 167 tlsConnection.ignoreAbruptClose = True | 170 tlsConnection.ignoreAbruptClose = True |
| 168 return True | 171 return True |
| 169 except tlslite.api.TLSAbruptCloseError: | 172 except tlslite.api.TLSAbruptCloseError: |
| 170 # Ignore abrupt close. | 173 # Ignore abrupt close. |
| 171 return True | 174 return True |
| 172 except tlslite.api.TLSError, error: | 175 except tlslite.api.TLSError, error: |
| 173 print "Handshake failure:", str(error) | 176 print "Handshake failure:", str(error) |
| 174 return False | 177 return False |
| 175 | 178 |
| 176 | 179 |
| (...skipping 1861 matching lines...) |
| 2038 | 2041 |
| 2039 ocsp_server.ocsp_response = ocsp_der | 2042 ocsp_server.ocsp_response = ocsp_der |
| 2040 | 2043 |
| 2041 for ca_cert in options.ssl_client_ca: | 2044 for ca_cert in options.ssl_client_ca: |
| 2042 if not os.path.isfile(ca_cert): | 2045 if not os.path.isfile(ca_cert): |
| 2043 print 'specified trusted client CA file not found: ' + ca_cert + \ | 2046 print 'specified trusted client CA file not found: ' + ca_cert + \ |
| 2044 ' exiting...' | 2047 ' exiting...' |
| 2045 return | 2048 return |
| 2046 server = HTTPSServer((host, port), TestPageHandler, pem_cert_and_key, | 2049 server = HTTPSServer((host, port), TestPageHandler, pem_cert_and_key, |
| 2047 options.ssl_client_auth, options.ssl_client_ca, | 2050 options.ssl_client_auth, options.ssl_client_ca, |
| 2048 options.ssl_bulk_cipher, options.record_resume) | 2051 options.ssl_bulk_cipher, options.record_resume, |
| 2052 options.tls_intolerant) |
| 2049 print 'HTTPS server started on %s:%d...' % (host, server.server_port) | 2053 print 'HTTPS server started on %s:%d...' % (host, server.server_port) |
| 2050 else: | 2054 else: |
| 2051 server = HTTPServer((host, port), TestPageHandler) | 2055 server = HTTPServer((host, port), TestPageHandler) |
| 2052 print 'HTTP server started on %s:%d...' % (host, server.server_port) | 2056 print 'HTTP server started on %s:%d...' % (host, server.server_port) |
| 2053 | 2057 |
| 2054 server.data_dir = MakeDataDir() | 2058 server.data_dir = MakeDataDir() |
| 2055 server.file_root_url = options.file_root_url | 2059 server.file_root_url = options.file_root_url |
| 2056 server_data['port'] = server.server_port | 2060 server_data['port'] = server.server_port |
| 2057 server._device_management_handler = None | 2061 server._device_management_handler = None |
| 2058 server.policy_keys = options.policy_keys | 2062 server.policy_keys = options.policy_keys |
| (...skipping 106 matching lines...) |
| 2165 option_parser.add_option('', '--https', action='store_true', dest='https', | 2169 option_parser.add_option('', '--https', action='store_true', dest='https', |
| 2166 help='Specify that https should be used.') | 2170 help='Specify that https should be used.') |
| 2167 option_parser.add_option('', '--cert-and-key-file', dest='cert_and_key_file', | 2171 option_parser.add_option('', '--cert-and-key-file', dest='cert_and_key_file', |
| 2168 help='specify the path to the file containing the ' | 2172 help='specify the path to the file containing the ' |
| 2169 'certificate and private key for the server in PEM ' | 2173 'certificate and private key for the server in PEM ' |
| 2170 'format') | 2174 'format') |
| 2171 option_parser.add_option('', '--ocsp', dest='ocsp', default='ok', | 2175 option_parser.add_option('', '--ocsp', dest='ocsp', default='ok', |
| 2172 help='The type of OCSP response generated for the ' | 2176 help='The type of OCSP response generated for the ' |
| 2173 'automatically generated certificate. One of ' | 2177 'automatically generated certificate. One of ' |
| 2174 '[ok,revoked,invalid]') | 2178 '[ok,revoked,invalid]') |
| 2179 option_parser.add_option('', '--tls-intolerant', dest='tls_intolerant', |
| 2180 const=True, default=False, action='store_const', |
| 2181 help='If true, TLS connections will be aborted ' |
| 2182 ' in order to test SSLv3 fallback.') |
| 2175 option_parser.add_option('', '--https-record-resume', dest='record_resume', | 2183 option_parser.add_option('', '--https-record-resume', dest='record_resume', |
| 2176 const=True, default=False, action='store_const', | 2184 const=True, default=False, action='store_const', |
| 2177 help='Record resumption cache events rather than' | 2185 help='Record resumption cache events rather than' |
| 2178 ' resuming as normal. Allows the use of the' | 2186 ' resuming as normal. Allows the use of the' |
| 2179 ' /ssl-session-cache request') | 2187 ' /ssl-session-cache request') |
| 2180 option_parser.add_option('', '--ssl-client-auth', action='store_true', | 2188 option_parser.add_option('', '--ssl-client-auth', action='store_true', |
| 2181 help='Require SSL client auth on every connection.') | 2189 help='Require SSL client auth on every connection.') |
| 2182 option_parser.add_option('', '--ssl-client-ca', action='append', default=[], | 2190 option_parser.add_option('', '--ssl-client-ca', action='append', default=[], |
| 2183 help='Specify that the client certificate request ' | 2191 help='Specify that the client certificate request ' |
| 2184 'should include the CA named in the subject of ' | 2192 'should include the CA named in the subject of ' |
| (...skipping 32 matching lines...) |
| 2217 dest='host', | 2225 dest='host', |
| 2218 help='Hostname or IP upon which the server will ' | 2226 help='Hostname or IP upon which the server will ' |
| 2219 'listen. Client connections will also only be ' | 2227 'listen. Client connections will also only be ' |
| 2220 'allowed from this address.') | 2228 'allowed from this address.') |
| 2221 option_parser.add_option('', '--auth-token', dest='auth_token', | 2229 option_parser.add_option('', '--auth-token', dest='auth_token', |
| 2222 help='Specify the auth token which should be used' | 2230 help='Specify the auth token which should be used' |
| 2223 'in the authorization header for GData.') | 2231 'in the authorization header for GData.') |
| 2224 options, args = option_parser.parse_args() | 2232 options, args = option_parser.parse_args() |
| 2225 | 2233 |
| 2226 sys.exit(main(options, args)) | 2234 sys.exit(main(options, args)) |
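Review bot: `HTTPSServer.__init__` now takes `tls_intolerant` as a required positional argument, so any caller other than the one updated in `main` (none is visible here) would fail with a TypeError; a default, `record_resume_info, tls_intolerant=False):`, keeps normal handshakes as the default and makes the intolerant mode opt-in at each call site. The `handshake` hunk passes `tlsIntolerant=self.tls_intolerant` to `handshakeServer`, which relies on the bundled tlslite accepting that keyword; that change is not shown on this page, so confirm it lands together with this one. Because the flag deliberately aborts TLS handshakes so that the client exercises its SSLv3 fallback, the class docstring should record it, for example `tls_intolerant: if true, abort TLS handshakes so clients exercise SSLv3 fallback (test use only)`. The `--tls-intolerant` help text also has a doubled space (`'aborted '` followed by `' in order'`) and says "If true" for an option that takes no value.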
| OLD | NEW |