Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2758)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/tools/testserver/testserver.py

Issue 109563002: net: add test for TLS_FALLBACK_SCSV (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Add comment. Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/test/spawned_test_server/base_test_server.cc ('K') | « net/test/spawned_test_server/base_test_server.cc ('k') | net/url_request/url_request_unittest.cc » ('j') | third_party/tlslite/tlslite/TLSConnection.py » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/tools/testserver/testserver.py
diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py
index 6e85b4f64083f24a3b0b1629338f5a28584fdbc9..f50dd0c8e06c6339449996978ed95565c5a0b71f 100755
--- a/net/tools/testserver/testserver.py
+++ b/net/tools/testserver/testserver.py
@@ -135,7 +135,8 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
def __init__(self, server_address, request_hander_class, pem_cert_and_key,
ssl_client_auth, ssl_client_cas, ssl_bulk_ciphers,
- record_resume_info, tls_intolerant, signed_cert_timestamps):
+ record_resume_info, tls_intolerant, signed_cert_timestamps,
+ fallback_scsv_enabled):
self.cert_chain = tlslite.api.X509CertChain().parseChain(pem_cert_and_key)
# Force using only python implementation - otherwise behavior is different
# depending on whether m2crypto Python module is present (error is thrown
@@ -148,6 +149,7 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
self.ssl_client_cas = []
self.tls_intolerant = tls_intolerant
self.signed_cert_timestamps = signed_cert_timestamps
+ self.fallback_scsv_enabled = fallback_scsv_enabled
for ca_file in ssl_client_cas:
s = open(ca_file).read()
@@ -181,7 +183,8 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
reqCAs=self.ssl_client_cas,
tlsIntolerant=self.tls_intolerant,
signedCertTimestamps=
- self.signed_cert_timestamps)
+ self.signed_cert_timestamps,
+ fallbackSCSV=self.fallback_scsv_enabled)
tlsConnection.ignoreAbruptClose = True
return True
except tlslite.api.TLSAbruptCloseError:
@@ -1947,7 +1950,8 @@ class ServerRunner(testserver_base.TestServerRunner):
self.options.record_resume,
self.options.tls_intolerant,
self.options.signed_cert_timestamps.decode(
- "base64"))
+ "base64"),
+ self.options.fallback_scsv)
print 'HTTPS server started on %s:%d...' % (host, server.server_port)
else:
server = HTTPServer((host, port), TestPageHandler)
@@ -2092,6 +2096,13 @@ class ServerRunner(testserver_base.TestServerRunner):
'server will respond with a '
'signed_certificate_timestamp TLS extension '
'whenever the client supports it.')
+ self.option_parser.add_option('--fallback-scsv', dest='fallback_scsv',
wtc 2013/12/10 16:28:27 Nit: should these be named --fallback-scsv-enabled
agl 2013/12/10 17:53:43 I think the style for arguments and variables is d
+ default=False, const=True,
+ action='store_const',
+ help='If given, TLS_FALLBACK_SCSV support '
+ 'will be enabled. This causes the server to '
+ 'reject fallback connections from compatible '
+ 'clients (e.g. Chrome).')
self.option_parser.add_option('--https-record-resume',
dest='record_resume', const=True,
default=False, action='store_const',
« net/test/spawned_test_server/base_test_server.cc ('K') | « net/test/spawned_test_server/base_test_server.cc ('k') | net/url_request/url_request_unittest.cc » ('j') | third_party/tlslite/tlslite/TLSConnection.py » ('J')

Powered by Google App Engine
This is Rietveld 408576698