Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(233)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/tools/testserver/testserver.py

Issue 3177015: Improve support for requesting client certs in tlslite (Closed)
Patch Set: Cert requests got turned on across the board Created 10 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | third_party/tlslite/README.chromium » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/tools/testserver/testserver.py
diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py
index 849ec1794a7cc22bd1856ba7bb7dc766aaab514b..c18e7d3456f616c742f0751d21033eda4d2bc718 100644
--- a/net/tools/testserver/testserver.py
+++ b/net/tools/testserver/testserver.py
@@ -58,7 +58,7 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn, StoppableHTTPServer):
"""This is a specialization of StoppableHTTPerver that add https support."""
def __init__(self, server_address, request_hander_class, cert_path,
- ssl_client_auth):
+ ssl_client_auth, ssl_client_cas):
s = open(cert_path).read()
x509 = tlslite.api.X509()
x509.parse(s)
@@ -66,6 +66,12 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn, StoppableHTTPServer):
s = open(cert_path).read()
self.private_key = tlslite.api.parsePEMKey(s, private=True)
self.ssl_client_auth = ssl_client_auth
+ self.ssl_client_cas = []
+ for ca_file in ssl_client_cas:
+ s = open(ca_file).read()
+ x509 = tlslite.api.X509()
+ x509.parse(s)
+ self.ssl_client_cas.append(x509.subject)
self.session_cache = tlslite.api.SessionCache()
StoppableHTTPServer.__init__(self, server_address, request_hander_class)
@@ -76,7 +82,8 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn, StoppableHTTPServer):
tlsConnection.handshakeServer(certChain=self.cert_chain,
privateKey=self.private_key,
sessionCache=self.session_cache,
- reqCert=self.ssl_client_auth)
+ reqCert=self.ssl_client_auth,
+ reqCAs=self.ssl_client_cas)
tlsConnection.ignoreAbruptClose = True
return True
except tlslite.api.TLSError, error:
@@ -1215,10 +1222,16 @@ def main(options, args):
if options.cert:
# let's make sure the cert file exists.
if not os.path.isfile(options.cert):
- print 'specified cert file not found: ' + options.cert + ' exiting...'
+ print 'specified server cert file not found: ' + options.cert + \
+ ' exiting...'
return
+ for ca_cert in options.ssl_client_ca:
+ if not os.path.isfile(ca_cert):
+ print 'specified trusted client CA file not found: ' + ca_cert + \
+ ' exiting...'
+ return
server = HTTPSServer(('127.0.0.1', port), TestPageHandler, options.cert,
- options.ssl_client_auth)
+ options.ssl_client_auth, options.ssl_client_ca)
print 'HTTPS server started on port %d...' % port
else:
server = StoppableHTTPServer(('127.0.0.1', port), TestPageHandler)
@@ -1285,6 +1298,10 @@ if __name__ == '__main__':
'the server should use.')
option_parser.add_option('', '--ssl-client-auth', action='store_true',
help='Require SSL client auth on every connection.')
+ option_parser.add_option('', '--ssl-client-ca', action='append', default=[],
+ help='Specify that the client certificate request '
+ 'should indicate that it supports the CA contained '
+ 'in the specified certificate file')
option_parser.add_option('', '--file-root-url', default='/files/',
help='Specify a root URL for files served.')
option_parser.add_option('', '--never-die', default=False,
« no previous file with comments | « no previous file | third_party/tlslite/README.chromium » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698