Update tlslite to 0.4.6.

net/tools/testserver/testserver.py

 #!/usr/bin/env python
 # Copyright 2013 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for
 testing Chrome.
 
 It supports several test URLs, as specified by the handlers in TestPageHandler.
 By default, it listens on an ephemeral port and sends the port number back to
@@ skipping 21 matching lines @@
 import sys
 import threading
 import time
 import urllib
 import urlparse
 import zlib
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 ROOT_DIR = os.path.dirname(os.path.dirname(os.path.dirname(BASE_DIR)))
 
-import echo_message
-import testserver_base
-
 # Append at the end of sys.path, it's fine to use the system library.
 sys.path.append(os.path.join(ROOT_DIR, 'third_party', 'pyftpdlib', 'src'))
-sys.path.append(os.path.join(ROOT_DIR, 'third_party', 'tlslite'))
 import pyftpdlib.ftpserver

[Ryan Sleevi, 2014/04/08 20:45:36]

Should this be moved down, as you did lines 42/43?

[davidben, 2014/04/08 23:30:36]

Rearranged this considerably. Hopefully this order is cleaner.

-import tlslite
-import tlslite.api
+
+# Temporary hack to deal with tlslite 0.3.8 -> 0.4.0 upgrade.
+#
+# TODO(davidben): Remove this when it has landed and cycled through all the
+# bots.

[davidben, 2014/04/08 01:11:42]

This should read

# Temporary hack to deal with tlslite 0.3.8 -> 0.4.6 upgrade.
#
# TODO(davidben): Remove this when it has cycled through all the bots and
developer checkouts or when http://crbug.com/356276 is resolved.

I'll fix that tomorrow.

[davidben, 2014/04/08 23:30:36]

Done.

+try:
+  os.remove(os.path.join(ROOT_DIR, 'third_party', 'tlslite',
+                         'tlslite', 'utils', 'hmac.pyc'))
+except Exception:
+  pass

[Ryan Sleevi, 2014/04/08 20:45:36]

Why do you do this here, rather than line 41?

[davidben, 2014/04/08 23:30:36]

I think it made more sense before I had to move testserver_base down or
something. Rearranged considerably.

 
 # Insert at the beginning of the path, we want this to be used

[wtc, 2014/04/08 22:41:17]

Nit: this => these

or rephrase to be more specific, such as "our copies of the libraries".

[davidben, 2014/04/08 23:30:36]

Done.

 # unconditionally.
 sys.path.insert(0, os.path.join(ROOT_DIR, 'third_party', 'pywebsocket', 'src'))
+sys.path.insert(0, os.path.join(ROOT_DIR, 'third_party', 'tlslite'))
+import tlslite
+import tlslite.api

[wtc, 2014/04/08 22:29:09]

These are sandwiched between two lines (line 58 and line 62) related to
pywebsocket. Just wanted to make sure that is OK.

[davidben, 2014/04/08 23:30:36]

Rearranged this considerably. Hopefully this order is cleaner.

 import mod_pywebsocket.standalone
 from mod_pywebsocket.standalone import WebSocketServer
 # import manually
 mod_pywebsocket.standalone.ssl = ssl
 
+import echo_message
+import testserver_base
+
 SERVER_HTTP = 0
 SERVER_FTP = 1
 SERVER_TCP_ECHO = 2
 SERVER_UDP_ECHO = 3
 SERVER_BASIC_AUTH_PROXY = 4
 SERVER_WEBSOCKET = 5
 
 # Default request queue size for WebSocketServer.
 _DEFAULT_REQUEST_QUEUE_SIZE = 128
 
@@ skipping 65 matching lines @@
                   testserver_base.ClientRestrictingServerMixIn,
                   testserver_base.BrokenPipeHandlerMixIn,
                   testserver_base.StoppableHTTPServer):
   """This is a specialization of StoppableHTTPServer that add https support and
   client verification."""
 
   def __init__(self, server_address, request_hander_class, pem_cert_and_key,
                ssl_client_auth, ssl_client_cas, ssl_bulk_ciphers,
                record_resume_info, tls_intolerant, signed_cert_timestamps,
                fallback_scsv_enabled, ocsp_response):
-    self.cert_chain = tlslite.api.X509CertChain().parseChain(pem_cert_and_key)
+    self.cert_chain = tlslite.api.X509CertChain()
+    self.cert_chain.parsePemList(pem_cert_and_key)
     # Force using only python implementation - otherwise behavior is different
     # depending on whether m2crypto Python module is present (error is thrown
     # when it is). m2crypto uses a C (based on OpenSSL) implementation under
     # the hood.
     self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key,
                                                private=True,
                                                implementations=['python'])
     self.ssl_client_auth = ssl_client_auth
     self.ssl_client_cas = []
-    self.tls_intolerant = tls_intolerant
+    if tls_intolerant == 0:
+      self.tls_intolerant = None
+    else:
+      self.tls_intolerant = (3, tls_intolerant)
     self.signed_cert_timestamps = signed_cert_timestamps
     self.fallback_scsv_enabled = fallback_scsv_enabled
     self.ocsp_response = ocsp_response
 
     for ca_file in ssl_client_cas:
       s = open(ca_file).read()
       x509 = tlslite.api.X509()
       x509.parse(s)
       self.ssl_client_cas.append(x509.subject)
     self.ssl_handshake_settings = tlslite.api.HandshakeSettings()
@@ skipping 1263 matching lines @@
   def GetSSLSessionCacheHandler(self):
     """Send a reply containing a log of the session cache operations."""
 
     if not self._ShouldHandleRequest('/ssl-session-cache'):
       return False
 
     self.send_response(200)
     self.send_header('Content-Type', 'text/plain')
     self.end_headers()
     try:
-      for (action, sessionID) in self.server.session_cache.log:
-        self.wfile.write('%s\t%s\n' % (action, sessionID.encode('hex')))
+      log = self.server.session_cache.log
     except AttributeError:
       self.wfile.write('Pass --https-record-resume in order to use' +
                        ' this request')
+      return True

[wtc, 2014/04/08 22:29:09]

Should we return False here?

[davidben, 2014/04/08 23:30:36]

Hrm, I don't think so? The old code returns True. I think False means something
like "I didn't handle this request, try another handler".

+
+    for (action, sessionID) in log:
+      self.wfile.write('%s\t%s\n' % (action, bytes(sessionID).encode('hex')))

[Ryan Sleevi, 2014/04/08 20:45:36]

Curious why you shuffled this around?

[davidben, 2014/04/08 23:30:36]

So, the actual change was to do a bytes(sessionID) first because
sessionID.encode now gives an AttributeError. But that got masked because of the
try/except. I moved it out so that only self.server.session_cache.log would
trigger the except block; that's a proxy for whether --https-record-resume. But
if there's an AttributeError in the loop, that's an actual bug and we shouldn't
catch the exception.

     return True
 
   def SSLManySmallRecords(self):
     """Sends a reply consisting of a variety of small writes. These will be
     translated into a series of small SSL records when used over an HTTPS
     server."""
 
     if not self._ShouldHandleRequest('/ssl-many-small-records'):
       return False
 
     self.send_response(200)
     self.send_header('Content-Type', 'text/plain')
     self.end_headers()
 
     # Write ~26K of data, in 1350 byte chunks
     for i in xrange(20):
       self.wfile.write('*' * 1350)
       self.wfile.flush()
     return True
 
   def GetChannelID(self):
     """Send a reply containing the hashed ChannelID that the client provided."""
 
     if not self._ShouldHandleRequest('/channel-id'):
       return False
 
     self.send_response(200)
     self.send_header('Content-Type', 'text/plain')
     self.end_headers()
-    channel_id = self.server.tlsConnection.channel_id.tostring()
+    channel_id = bytes(self.server.tlsConnection.channel_id)
     self.wfile.write(hashlib.sha256(channel_id).digest().encode('base64'))
     return True
 
   def CloseSocketHandler(self):
     """Closes the socket without sending anything."""
 
     if not self._ShouldHandleRequest('/close-socket'):
       return False
 
     self.wfile.close()
@@ skipping 665 matching lines @@
                                   '"aes128", "3des", "rc4". If omitted, all '
                                   'algorithms will be used. This option may '
                                   'appear multiple times, indicating '
                                   'multiple algorithms should be enabled.');
     self.option_parser.add_option('--file-root-url', default='/files/',
                                   help='Specify a root URL for files served.')
 
 
 if __name__ == '__main__':
   sys.exit(ServerRunner().main())