Add False Start tests

net/tools/testserver/testserver.py

 #!/usr/bin/env python
 # Copyright 2013 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for
 testing Chrome.
 
 It supports several test URLs, as specified by the handlers in TestPageHandler.
 By default, it listens on an ephemeral port and sends the port number back to
@@ skipping 132 matching lines @@
 
 class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
                   testserver_base.ClientRestrictingServerMixIn,
                   testserver_base.BrokenPipeHandlerMixIn,
                   testserver_base.StoppableHTTPServer):
   """This is a specialization of StoppableHTTPServer that add https support and
   client verification."""
 
   def __init__(self, server_address, request_hander_class, pem_cert_and_key,
                ssl_client_auth, ssl_client_cas,
-               ssl_bulk_ciphers, ssl_key_exchanges,
+               ssl_bulk_ciphers, ssl_key_exchanges, next_protos,
                record_resume_info, tls_intolerant, signed_cert_timestamps,
                fallback_scsv_enabled, ocsp_response):
     self.cert_chain = tlslite.api.X509CertChain()
     self.cert_chain.parsePemList(pem_cert_and_key)
     # Force using only python implementation - otherwise behavior is different
     # depending on whether m2crypto Python module is present (error is thrown
     # when it is). m2crypto uses a C (based on OpenSSL) implementation under
     # the hood.
     self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key,
                                                private=True,
                                                implementations=['python'])
     self.ssl_client_auth = ssl_client_auth
     self.ssl_client_cas = []

[wtc, 2014/04/02 19:26:55]

Nit: you may want to set self.next_protos = next_protos here, to match the order
of the constructor arguments.

[davidben, 2014/04/03 19:38:36]

Done.

     if tls_intolerant == 0:
       self.tls_intolerant = None
     else:
       self.tls_intolerant = (3, tls_intolerant)
     self.signed_cert_timestamps = signed_cert_timestamps
     self.fallback_scsv_enabled = fallback_scsv_enabled
     self.ocsp_response = ocsp_response
+    self.next_protos = next_protos
 
     for ca_file in ssl_client_cas:
       s = open(ca_file).read()
       x509 = tlslite.api.X509()
       x509.parse(s)
       self.ssl_client_cas.append(x509.subject)
     self.ssl_handshake_settings = tlslite.api.HandshakeSettings()
     if ssl_bulk_ciphers is not None:
       self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers
     if ssl_key_exchanges is not None:
@@ skipping 13 matching lines @@
     """Creates the SSL connection."""
 
     try:
       self.tlsConnection = tlsConnection
       tlsConnection.handshakeServer(certChain=self.cert_chain,
                                     privateKey=self.private_key,
                                     sessionCache=self.session_cache,
                                     reqCert=self.ssl_client_auth,
                                     settings=self.ssl_handshake_settings,
                                     reqCAs=self.ssl_client_cas,
+                                    nextProtos=self.next_protos,
                                     tlsIntolerant=self.tls_intolerant,
                                     signedCertTimestamps=
                                     self.signed_cert_timestamps,
                                     fallbackSCSV=self.fallback_scsv_enabled,
                                     ocspResponse = self.ocsp_response)
       tlsConnection.ignoreAbruptClose = True
       return True
     except tlslite.api.TLSAbruptCloseError:
       # Ignore abrupt close.
       return True
@@ skipping 1759 matching lines @@
 
         stapled_ocsp_response = None
         if self.__ocsp_server and self.options.staple_ocsp_response:
           stapled_ocsp_response = self.__ocsp_server.ocsp_response
 
         server = HTTPSServer((host, port), TestPageHandler, pem_cert_and_key,
                              self.options.ssl_client_auth,
                              self.options.ssl_client_ca,
                              self.options.ssl_bulk_cipher,
                              self.options.ssl_key_exchange,
+                             self.options.next_proto,
                              self.options.record_resume,
                              self.options.tls_intolerant,
                              self.options.signed_cert_timestamps_tls_ext.decode(
                                  "base64"),
                              self.options.fallback_scsv,
                              stapled_ocsp_response)
         print 'HTTPS server started on %s:%d...' % (host, server.server_port)
       else:
         server = HTTPServer((host, port), TestPageHandler)
         print 'HTTP server started on %s:%d...' % (host, server.server_port)
@@ skipping 176 matching lines @@
                                   'appear multiple times, indicating '
                                   'multiple algorithms should be enabled.');
     self.option_parser.add_option('--ssl-key-exchange', action='append',
                                   help='Specify the key exchange algorithm(s)'
                                   'that will be accepted by the SSL server. '
                                   'Valid values are "rsa", "dhe_rsa". If '
                                   'omitted, all algorithms will be used. This '
                                   'option may appear multiple times, '
                                   'indicating multiple algorithms should be '
                                   'enabled.');
+    # TODO(davidben): Add ALPN support to tlslite.
+    self.option_parser.add_option('--next-proto', action='append',
+                                  help='Specify the next proto value(s) to '

[wtc, 2014/04/02 19:26:55]

Question: how are multiple values separated. By spaces or commas?

Nit: it would be good to give an example of a value for this option. Also, if
the test server doesn't support SPDY, then the only supported value is
"http/1.1", right?

[davidben, 2014/04/03 19:38:36]

It should be the same as --ssl-bulk-cipher and friends:

--next-proto=http/1.1 --next-proto=spdy/3
Though, yeah, it is true that HTTP/1.1 is the only supported value, which makes
the multivalued thing a little silly. I've switched it to a boolean to match the
API. We can make it more interesting if this server ever grows other protocols.

+                                  'used with the NPN extension. If omitted, '
+                                  'NPN will not be used used. This option '

[wtc, 2014/04/02 19:26:55]

Nit: used used => used

+                                  'may appear multiple times, indicating '
+                                  'the list of preferred protos.')

[wtc, 2014/04/02 19:26:55]

Nit: I don't understand why you said "preferred". Are you implying the order of
multiple instances of this option match the order of preference?

[davidben, 2014/04/03 19:38:36]

Hrm. I think that's what I meant? That's a somewhat bizarre wording... it's the
list of protos that the server presents to the client. I believe they're
supposed to be order. The client might also be allowed to pick one off the list
for some reason if it really really wants to? I dunno.

     self.option_parser.add_option('--file-root-url', default='/files/',
                                   help='Specify a root URL for files served.')
 
 
 if __name__ == '__main__':
   sys.exit(ServerRunner().main())