Update tlslite to 0.4.6.

net/tools/testserver/testserver.py

Index: net/tools/testserver/testserver.py
diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py
index 13aafcd538bdfd4775fcf3ba0a8915e193753273..2be8b66210c9c64788d2624153fd3a0763bb5e98 100755
--- a/net/tools/testserver/testserver.py
+++ b/net/tools/testserver/testserver.py
@@ -39,24 +39,34 @@ import zlib
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 ROOT_DIR = os.path.dirname(os.path.dirname(os.path.dirname(BASE_DIR)))
 
-import echo_message
-import testserver_base
-
 # Append at the end of sys.path, it's fine to use the system library.
 sys.path.append(os.path.join(ROOT_DIR, 'third_party', 'pyftpdlib', 'src'))
-sys.path.append(os.path.join(ROOT_DIR, 'third_party', 'tlslite'))
 import pyftpdlib.ftpserver

[Ryan Sleevi, 2014/04/08 20:45:36]

Should this be moved down, as you did lines 42/43?

[davidben, 2014/04/08 23:30:36]

Rearranged this considerably. Hopefully this order is cleaner.

-import tlslite
-import tlslite.api
+
+# Temporary hack to deal with tlslite 0.3.8 -> 0.4.0 upgrade.
+#
+# TODO(davidben): Remove this when it has landed and cycled through all the
+# bots.

[davidben, 2014/04/08 01:11:42]

This should read

# Temporary hack to deal with tlslite 0.3.8 -> 0.4.6 upgrade.
#
# TODO(davidben): Remove this when it has cycled through all the bots and
developer checkouts or when http://crbug.com/356276 is resolved.

I'll fix that tomorrow.

[davidben, 2014/04/08 23:30:36]

Done.

+try:
+  os.remove(os.path.join(ROOT_DIR, 'third_party', 'tlslite',
+                         'tlslite', 'utils', 'hmac.pyc'))
+except Exception:
+  pass

[Ryan Sleevi, 2014/04/08 20:45:36]

Why do you do this here, rather than line 41?

[davidben, 2014/04/08 23:30:36]

I think it made more sense before I had to move testserver_base down or
something. Rearranged considerably.

 
 # Insert at the beginning of the path, we want this to be used

[wtc, 2014/04/08 22:41:17]

Nit: this => these

or rephrase to be more specific, such as "our copies of the libraries".

[davidben, 2014/04/08 23:30:36]

Done.

 # unconditionally.
 sys.path.insert(0, os.path.join(ROOT_DIR, 'third_party', 'pywebsocket', 'src'))
+sys.path.insert(0, os.path.join(ROOT_DIR, 'third_party', 'tlslite'))
+import tlslite
+import tlslite.api

[wtc, 2014/04/08 22:29:09]

These are sandwiched between two lines (line 58 and line 62) related to
pywebsocket. Just wanted to make sure that is OK.

[davidben, 2014/04/08 23:30:36]

Rearranged this considerably. Hopefully this order is cleaner.

 import mod_pywebsocket.standalone
 from mod_pywebsocket.standalone import WebSocketServer
 # import manually
 mod_pywebsocket.standalone.ssl = ssl
 
+import echo_message
+import testserver_base
+
 SERVER_HTTP = 0
 SERVER_FTP = 1
 SERVER_TCP_ECHO = 2
@@ -142,7 +152,8 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
                ssl_client_auth, ssl_client_cas, ssl_bulk_ciphers,
                record_resume_info, tls_intolerant, signed_cert_timestamps,
                fallback_scsv_enabled, ocsp_response):
-    self.cert_chain = tlslite.api.X509CertChain().parseChain(pem_cert_and_key)
+    self.cert_chain = tlslite.api.X509CertChain()
+    self.cert_chain.parsePemList(pem_cert_and_key)
     # Force using only python implementation - otherwise behavior is different
     # depending on whether m2crypto Python module is present (error is thrown
     # when it is). m2crypto uses a C (based on OpenSSL) implementation under
@@ -152,7 +163,10 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
                                                implementations=['python'])
     self.ssl_client_auth = ssl_client_auth
     self.ssl_client_cas = []
-    self.tls_intolerant = tls_intolerant
+    if tls_intolerant == 0:
+      self.tls_intolerant = None
+    else:
+      self.tls_intolerant = (3, tls_intolerant)
     self.signed_cert_timestamps = signed_cert_timestamps
     self.fallback_scsv_enabled = fallback_scsv_enabled
     self.ocsp_response = ocsp_response
@@ -1436,11 +1450,14 @@ class TestPageHandler(testserver_base.BasePageHandler):
     self.send_header('Content-Type', 'text/plain')
     self.end_headers()
     try:
-      for (action, sessionID) in self.server.session_cache.log:
-        self.wfile.write('%s\t%s\n' % (action, sessionID.encode('hex')))
+      log = self.server.session_cache.log
     except AttributeError:
       self.wfile.write('Pass --https-record-resume in order to use' +
                        ' this request')
+      return True

[wtc, 2014/04/08 22:29:09]

Should we return False here?

[davidben, 2014/04/08 23:30:36]

Hrm, I don't think so? The old code returns True. I think False means something
like "I didn't handle this request, try another handler".

+
+    for (action, sessionID) in log:
+      self.wfile.write('%s\t%s\n' % (action, bytes(sessionID).encode('hex')))

[Ryan Sleevi, 2014/04/08 20:45:36]

Curious why you shuffled this around?

[davidben, 2014/04/08 23:30:36]

So, the actual change was to do a bytes(sessionID) first because
sessionID.encode now gives an AttributeError. But that got masked because of the
try/except. I moved it out so that only self.server.session_cache.log would
trigger the except block; that's a proxy for whether --https-record-resume. But
if there's an AttributeError in the loop, that's an actual bug and we shouldn't
catch the exception.

     return True
 
   def SSLManySmallRecords(self):
@@ -1470,7 +1487,7 @@ class TestPageHandler(testserver_base.BasePageHandler):
     self.send_response(200)
     self.send_header('Content-Type', 'text/plain')
     self.end_headers()
-    channel_id = self.server.tlsConnection.channel_id.tostring()
+    channel_id = bytes(self.server.tlsConnection.channel_id)
     self.wfile.write(hashlib.sha256(channel_id).digest().encode('base64'))
     return True